Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2017-02-23   Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH) 0 REMOTE Peter Baris
2017-02-20   Microsoft SQL Server Clr Stored Procedure Payload Execution 9 REMOTE OJ Reeves
2017-02-20   WordPress 4.7 / 4.7.1 REST API Content Injection Exploit 8 REMOTE wvu
2017-02-20   Advantech WebAccess 8.1 Post Authentication Credential Collector Exploit 4 REMOTE sinn3r
2017-02-16   OpenText Documentum D2 - Remote Code Execution 21 REMOTE Andrey B. Panfilov
2017-02-15   Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit) 7 REMOTE FireFart
2017-02-13   F5 BIG-IP SSL Virtual Server - Memory Disclosure 6 REMOTE Ege Balci
2017-02-13   HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit) 2 REMOTE Nicolas Mattiocco
2017-02-10   Apache OpenOffice Text Document Malicious Macro Execution 15 REMOTE sinn3r
2017-02-10   Microsoft Office Word Malicious Macro Execution 13 REMOTE sinn3r

Local Exploits

Date D   Description Plat. Author
2017-02-15   ShadeYouVPN Client 2.0.1.11 - Privilege Escalation 6 LOCAL Kacper Szurek
2017-02-09   GNU / Bash v4.4 autocompletion Code Execution Vulnerability 9 LOCAL Jens Heyens
2017-02-08   Zoom Player 12.7 / 13 Buffer Overflow 10 LOCAL sultan
2017-02-07   IVPN Client 2.6.1 - Privilege Escalation 3 LOCAL Kacper Szurek
2017-02-04   Debian 9 ntfs-3g - Privilege Escalation 5 LOCAL Kristian Erik Hermansen
2017-02-03   Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC) 8 LOCAL Wolfgang Hotwagner
2017-02-03   Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow 1 LOCAL Parvez Anwar
2017-02-03   OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation 7 LOCAL Federico Bento
2017-02-03   Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Privilege Escalation (PoC) 2 LOCAL Sebastian Krahmer
2017-02-03   Man-db 2.6.7.1 - Privilege Escalation (PoC) 0 LOCAL halfdog

Web Applications

Date D   Description Plat. Author
2017-02-23   Teradici Management Console 2.2.0 - Privilege Escalation 0 WEB hantwister
2017-02-22   AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit) 4 WEB Mehmet Ince
2017-02-22   Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit) 3 WEB xort
2017-02-22   Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metas 2 WEB xort
2017-02-22   Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metaspl 3 WEB xort
2017-02-22   Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploi 4 WEB xort
2017-02-20   NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution 7 WEB SivertPL
2017-02-20   TI Online Examination System 2.0 Admin Password Changer Exploit 6 WEB StAkeR
2017-02-17   dotCMS 3.6.1 - Blind Boolean SQL Injection 12 WEB Ben Nott
2017-02-16   Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) 7 WEB Davy Douhine

DoS/PoC

Date D   Description Plat. Author
2017-02-23   Google Chrome - 'layout' Out-of-Bounds Read 0 DOS Google Security Research
2017-02-23   EasyCom For PHP 4.0.0 - Denial of Service 0 DOS hyp3rlinx
2017-02-23   EasyCom For PHP 4.0.0 - Buffer Overflow (PoC) 1 DOS hyp3rlinx
2017-02-15   Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145) 6 DOS Google Security Research
2017-02-15   Linux Kernel 3.10.0 (CentOS7) - Denial of Service 4 DOS FarazPajohan
2017-02-15   Tor Browser 6.0.5 remote Denial of Service Exploit 6 DOS sultan albalawi
2017-02-08   Zookeeper 3.5.2 - Denial of Service Exploit 4 DOS Brandon Dennis
2017-02-08   OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service Exploit 4 DOS Pierre Kim
2017-02-03   Microsoft Windows 10 - SMBv3 Tree Connect (PoC) 12 DOS laurent gaffie
2017-02-03   Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled 12 DOS Google Security Research

Shellcode

Date D   Description Plat. Author
2017-02-21   Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) 4 SHELLCODE Krzysztof Przybylski
2017-02-20   Linux - Reverse Shell Shellcode (66 bytes) 3 SHELLCODE Robert L. Taylor
2017-02-20   Windows x86 - Protect Process Shellcode (229 bytes) 4 SHELLCODE Ege Balci
2017-02-17   Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes) 3 SHELLCODE odzhancode
2017-02-09   Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes) 5 SHELLCODE Snir Levi
2017-02-03   Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes) 8 SHELLCODE odzhancode
2017-02-03   Linux - Multi/Dual mode execve("/bin/sh", NULL, 0) Shellcode (37 bytes) 0 SHELLCODE odzhancode
2017-02-03   Linux/x86_64 - execve /bin/sh Shellcode (22 bytes) 2 SHELLCODE Robert L. Taylor
2017-01-22   Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes) 6 SHELLCODE Ajith Kp
2017-01-22   Linux/x86-64 - mkdir Shellcode (25 bytes) 5 SHELLCODE Ajith Kp

Papers

Date D   Description Plat. Author
2017-01-12   OpenSSL - Weak KDF 20 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 121 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 92 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 225 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 131 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 116 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 148 PAPERS LaNMaSteR53
2011-04-27   offsec官方渗透测试报告 379 PAPERS admin