Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2018-02-11   JBoss 4.2.x/4.3.x - Information Disclosure 10 REMOTE JameelNabbo
2018-02-11   HPE iLO 4 < 2.53 - Add New Administrator User 1 REMOTE skelsec
2018-02-08   HiSilicon DVR Devices - Remote Code Execution 9 REMOTE Istvan Toth
2018-02-08   Dahua Generation 2/3 - Backdoor Access 12 REMOTE bashis
2018-02-08   Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable T 7 REMOTE bashis
2018-02-08   Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Cod 5 REMOTE Faisal Tameesh
2018-02-08   Geovision Inc. IP Camera & Video - Remote Command Execution 3 REMOTE bashis
2018-02-08   Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Executio 4 REMOTE bashis
2018-02-05   MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Co 26 REMOTE sleepya
2018-02-05   Flexense SyncBreeze Enterprise 10.3.14 Buffer Overflow 4 REMOTE ryantzj

Local Exploits

Date D   Description Plat. Author
2018-02-12   Juju-run Agent Privilege Escalation 2 LOCAL Brendan Coles
2018-02-11   glibc '$ORIGIN' Expansion Privilege Escalation 1 LOCAL Brendan Coles
2018-02-11   glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation 1 LOCAL Brendan Coles
2018-02-11   Marked2 - Local File Disclosure 1 LOCAL Corben Leo
2018-02-08   MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation 3 LOCAL Souhail Hammou
2018-02-06   BOCHS 2.6-5 - Buffer Overflow 4 LOCAL Juan Sacco
2018-02-06   MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation 3 LOCAL Souhail Hammou
2018-02-05   Apport / ABRT chroot Privilege Escalation 8 LOCAL Brendan Coles
2018-02-05   Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation 5 LOCAL Saar Amar
2018-02-01   systemd Local Privilege Escalation 12 LOCAL Michael Orlitzky

Web Applications

Date D   Description Plat. Author
2018-02-07   Hava Tahmin 1.0 Database Disclosure 5 WEB indoushka
2018-02-07   Hazir Site 2.2 Database Disclosure 3 WEB indoushka
2018-02-07   Gateway 1.0 Database Disclosure 4 WEB indoushka
2018-02-07   iPortalx Portal Scripti Database Disclosure 3 WEB indoushka
2018-02-06   Online Voting System - Authentication Bypass 6 WEB Giulio Comi
2018-02-05   Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal 7 WEB Dmitry Chastuhin
2018-01-31   BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure 17 WEB Paul Taylor
2018-01-30   Advantech WebAccess < 8.3 - SQL Injection 13 WEB Chris Lyne
2018-01-29   Asus Router Cross Site Script / Authentication Bypass 15 WEB 4TT4CK3R
2018-01-29   ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password 15 WEB Víctor Calvo

DoS/PoC

Date D   Description Plat. Author
2018-02-11   Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass 4 DOS Matthew Bergin
2018-02-11   macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportH 2 DOS Google Security Research
2018-02-08   Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption 3 DOS Juan Sacco
2018-02-08   Cisco ASA - Crash PoC 4 DOS Sean Dillon
2018-02-06   Claymore Dual GPU Miner 10.5 - Format String 4 DOS res1n
2018-02-06   WordPress Core - 'load-scripts.php' Denial of Service 3 DOS Barak Tawily
2018-02-02   WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free 7 DOS Google Security Research
2018-02-02   WebKit - 'detachWrapper' Use-After-Free 5 DOS Google Security Research
2018-01-30   LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow 14 DOS Miguel Mendez Z
2018-01-30   macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding 11 DOS Google Security Research

Shellcode

Date D   Description Plat. Author
2018-02-05   Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode 6 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Genera 5 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode 5 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes) 5 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567 6 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode ( 3 SHELLCODE 0x4ndr3
2018-01-29   Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellco 11 SHELLCODE rtmcx
2018-01-29   Linux/x86 - Egghunter Shellcode (12 Bytes) 11 SHELLCODE Nipun Jaswal
2018-01-29   Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes) 9 SHELLCODE 0xAlaufi
2018-01-24   Linux/x86 ROT-N + Shift-N + XOR-N Encoded /bin/sh Shellcode (77 bytes) 7 SHELLCODE Hashim Jawad

Papers

Date D   Description Plat. Author
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 15 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 64 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 83 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 153 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 139 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 279 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 172 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 149 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 206 PAPERS LaNMaSteR53
2011-04-27   offsec官方渗透测试报告 599 PAPERS admin