Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2018-04-23   ASUS infosvr Authentication Bypass Command Execution 10 REMOTE Brendan Coles
2018-04-19   Easy File Sharing Web Server 7.2 - Stack Buffer Overflow 23 REMOTE rebeyond
2018-04-19   Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Meta 12 REMOTE José Ignacio Rojo
2018-04-13   F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure 25 REMOTE 0x00string
2018-04-08   Adobe Flash 28.0.0.137 Remote Code Execution 44 REMOTE SyFi
2018-04-04   Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection 24 REMOTE Talos
2018-04-03   Nginx 1.13.10 Accept-Encoding Line Feed Injection 71 REMOTE Keiliikoa Kirland
2018-04-02   Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Bu 20 REMOTE Chris Lyne
2018-03-30   ManageEngine Application Manager Remote Code Execution 35 REMOTE Mehmet Ince
2018-03-30   Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit) 23 REMOTE Daniel Teixeira

Local Exploits

Date D   Description Plat. Author
2018-04-23   lastore-daemon D-Bus Privilege Escalation 52 LOCAL Brendan Coles
2018-04-19   AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution 4 LOCAL Securifera
2018-04-19   Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service 3 LOCAL Sahil Tikoo
2018-04-19   Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service 3 LOCAL Sahil Tikoo
2018-04-19   CloudMe Sync 1.11.0 Local Buffer Overflow 2 LOCAL Prasenjit Kanti Paul
2018-04-19   Zortam MP3 Media Studio 23.45 Buffer Overflow 2 LOCAL Kevin McGuigan
2018-04-19   Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privile 4 LOCAL xiaodaozhi
2018-04-19   Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) 8 LOCAL xiaodaozhi
2018-04-19   Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) 5 LOCAL xiaodaozhi
2018-04-16   GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation 5 LOCAL Pirhack

Web Applications

Date D   Description Plat. Author
2018-04-19   Lutron Quantum 2.0 - 3.2.243 - Information Disclosure 7 WEB SadFud
2018-04-16   MikroTik 6.41.4 - FTP daemon Denial of Service PoC 3 WEB FarazPajohan
2018-04-16   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execut 13 WEB Hans Topo
2018-04-16   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execut 8 WEB Vitalii Rudnykh
2018-04-10   CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Executi 11 WEB RedTeam Pentesting
2018-04-04   ProcessMaker Plugin Code Execution 22 WEB Brendan Coles
2018-04-04   DuckDuckGo 4.2.0 WebRTC Private IP Leakage 19 WEB Brendan Coles
2018-04-02   Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) 29 WEB Touhid M.Shaikh
2018-04-02   osCommerce 2.3.4.1 - Remote Code Execution 20 WEB Simon Scannell
2018-04-02   Homematic CCU2 2.29.23 - Remote Command Execution 21 WEB Gregor Kopf

DoS/PoC

Date D   Description Plat. Author
2018-04-23   Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion 4 DOS lokihardt
2018-04-23   Microsoft Internet Explorer 11.371.16299.0 Denial Of Service 2 DOS hyp3rlinx
2018-04-19   VX Search 10.6.18 - 'directory' Local Buffer Overflow 2 DOS Kevin McGuigan
2018-04-19   Facebook Graph Groups Crosswalk User Metadata Mapping Weakness 1 DOS Todor Donev
2018-04-19   Facebook Graph Phone Number Metadata Crosswalk Mapping Proof Of Concept 1 DOS Todor Donev
2018-04-19   Facebook Graph Metadata Crosswalk Mapping Proof Of Concept 1 DOS Todor Donev
2018-04-17   Barco ClickShare CSE-200 - Remote Denial of Service 4 DOS Florian Hauser
2018-04-11   Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Conf 7 DOS Google Security Research
2018-04-10   CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure 6 DOS RedTeam Pentesting
2018-04-08   Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods 10 DOS Google Security Research

Shellcode

Date D   Description Plat. Author
2018-04-12   Linux/x64 - x64 Assembly Shellcode (Generator) 11 SHELLCODE 0x4ndr3
2018-03-26   Linux/x86 - EggHunter Shellcode (11 Bytes) 25 SHELLCODE Anurag Srivastava
2018-03-21   Linux/x86 - execve(/bin/sh) Shellcode (18 bytes) 29 SHELLCODE Anurag Srivastava
2018-02-26   Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) 69 SHELLCODE rtmcx
2018-02-05   Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode 69 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Genera 64 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode 66 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes) 59 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567 68 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode ( 73 SHELLCODE 0x4ndr3

Papers

Date D   Description Plat. Author
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 111 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 155 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 148 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 223 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 235 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 348 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 239 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 206 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 307 PAPERS LaNMaSteR53
2011-04-27   offsec官方渗透测试报告 685 PAPERS admin