Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2018-12-29   Hashicorp Consul Rexec Remote Command Execution 1105 REMOTE Quentin Kaiser
2018-12-29   Hashicorp Consul Services API Remote Command Execution 186 REMOTE Quentin Kaiser
2018-12-25   Kubernetes - (Authenticated) Arbitrary Requests 88 REMOTE evict
2018-12-25   Kubernetes - (Unauthenticated) Arbitrary Requests 94 REMOTE evict
2018-12-25   Netatalk - Bypass Authentication 105 REMOTE Tenable NS
2018-12-24   Netatalk Authentication Bypass 55 REMOTE Jacob Baines
2018-12-20   Erlang Port Mapper Daemon Cookie Remote Code Execution 68 REMOTE Milton Valencia
2018-12-20   Rukovoditel Project Management CRM 2.3.1 Remote Code Execution 53 REMOTE AkkuS
2018-12-17   Cisco RV110W Password Disclosure / Command Execution 196 REMOTE RySh
2018-12-14   Safari Proxy Object Type Confusion 59 REMOTE saelo

Local Exploits

Date D   Description Plat. Author
2019-01-03   Ayukov NFTP FTP Client 2.0 Buffer Overflow 467 LOCAL Uday Mittal
2018-12-28   Terminal Services Manager 3.1 Local Buffer Overflow 71 LOCAL bzyo
2018-12-28   Iperius Backup 5.8.1 Buffer Overflow 43 LOCAL bzyo
2018-12-28   MAGIX Music Editor 3.1 Buffer Overflow 27 LOCAL bzyo
2018-12-25   Keybase keybase-redirector - '$PATH' Local Privilege Escalation 71 LOCAL mirchr
2018-12-24   ATool 1.0.0.22 Buffer Overflow 62 LOCAL Aloyce J. Makalanga
2018-12-24   AnyBurn 4.3 Local Buffer Overflow 32 LOCAL Matteo Malvica
2018-12-24   GIGABYTE Driver Privilege Escalation 62 LOCAL SecureAuth
2018-12-24   ASUS Driver Privilege Escalation 61 LOCAL http://www.secureauth.com/
2018-12-21   XMPlay 3.8.3 Local Stack Overflow 26 LOCAL s7acktrac3

Web Applications

Date D   Description Plat. Author
2019-01-04   Apache CouchDB 2.3.0 Cross Site Request Forgery 580 WEB Ozer Goker
2019-01-03   Vtiger CRM 7.1.0 Remote Code Execution 227 WEB Ozkan Mustafa Akkus
2018-12-25   phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read 481 WEB VulnSpy
2018-12-17   Huawei Router HG532e Command Execution 215 WEB Rebellion
2018-12-12   ThinkPHP 5.x Remote Code Execution 612 WEB VulnSpy
2018-12-12   WordPress Snap Creek Duplicator Code Injection 209 WEB Julien Legras
2018-12-12   PrestaShop 1.6.x / 1.7.x Remote Code Execution 114 WEB farisv
2018-12-10   i-doit CMDB 1.11.2 - Remote Code Execution 89 WEB AkkuS
2018-12-06   HasanMWB 1.0 SQL Injection 127 WEB Ihsan Sencan
2018-12-05   NUUO NVRMini2 3.9.1 - Authenticated Command Injection 46 WEB Artem Metla

DoS/PoC

Date D   Description Plat. Author
2019-01-03   EZ CD Audio Converter 8.0.7 Denial Of Service 175 DOS Achilles
2019-01-03   NetworkSleuth 3.0.0.0 Denial Of Service 91 DOS Luis Martinez
2019-01-03   NBMonitor Network Bandwidth Monitor 1.6.5.0 Denial Of Service 107 DOS Luis Martinez
2018-12-29   WebKit JSC AbstractValue::set Use-After-Free 61 DOS lokihardt
2018-12-29   WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write 44 DOS lokihardt
2018-12-28   Armitage 1.14.11 Denial Of Service 33 DOS Mr Winst0n
2018-12-28   NetShareWatcher 1.5.8 Denial Of Service 28 DOS T3jv1l
2018-12-28   ShareAlarmPro 2.1.4 Denial Of Service 33 DOS T3jv1l
2018-12-28   Product Key Explorer 4.0.9 Denial Of Service 42 DOS T3jv1l
2018-12-25   Google Chrome 70 - SQLite Magellan Crash (PoC) 125 DOS zhuowei

Shellcode

Date D   Description Plat. Author
2018-12-25   Linux/x86 - Kill All Processes Shellcode (14 bytes) 276 SHELLCODE strider
2018-12-20   Linux/x64 - Disable ASLR Security Shellcode (93 Bytes) 57 SHELLCODE Kağan Çapar
2018-12-12   Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 87 SHELLCODE T3jv1l
2018-12-05   Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes) 74 SHELLCODE Kağan Çapar
2018-12-05   Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) 39 SHELLCODE Nelis
2018-11-14   Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shel 300 SHELLCODE Javier Tello
2018-11-01   Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator) 148 SHELLCODE Roziul Hasan Khan Shifat
2018-10-25   Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes 79 SHELLCODE Goutham Madhwaraj
2018-10-09   Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shel 88 SHELLCODE cq674350529
2018-10-09   Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 byt 80 SHELLCODE Kartik Durg

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 143 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 49 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 61 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 41 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 787 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 520 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 523 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 361 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 356 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 538 PAPERS CWH Underground