
The Exploit Database
The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
Remote Exploits
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-05-29 |
![]() |
SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal | 15 | REMOTE | brahimsql |
2025-05-29 |
![]() |
Automic Agent 24.3.0 HF4 - Privilege Escalation | 6 | REMOTE | Flora Schfer |
2025-05-29 |
![]() |
SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal | 6 | REMOTE | Ibrahimsql |
2025-05-29 |
![]() |
Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure | 4 | REMOTE | Mohammed Idrees Banyamer |
2025-05-29 |
![]() |
Automic Agent 24.3.0 HF4 - Privilege Escalation | 6 | REMOTE | Flora Sch鋐er |
2025-05-29 |
![]() |
Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass | 4 | REMOTE | Ibrahimsql |
2025-05-25 |
![]() |
ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation | 4 | REMOTE | LiquidWorm |
2025-05-25 |
![]() |
Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow | 3 | REMOTE | Pepelux |
2025-05-25 |
![]() |
Windows 2024.15 - Unauthenticated Desktop Screenshot Capture | 5 | REMOTE | Chokri Hammedi |
2025-05-21 |
![]() |
Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE) | 7 | REMOTE | Chokri Hammedi |
Local Exploits
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-05-25 |
![]() |
ABB Cylon Aspect Studio 3.08.03 - Binary Planting | 4 | LOCAL | LiquidWorm |
2025-05-25 |
![]() |
Microsoft Windows Server 2016 - Win32k Elevation of Privilege | 8 | LOCAL | Milad karimi |
2025-05-18 |
![]() |
Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation | 5 | LOCAL | Marco Ivaldi |
2025-05-13 |
![]() |
TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow | 3 | LOCAL | Mohamed Maatallah |
2025-05-13 |
![]() |
RDPGuard 9.9.9 - Privilege Escalation | 4 | LOCAL | Ahmet 躮it BAYRAM |
2025-05-09 |
![]() |
VirtualBox 7.0.16 - Privilege Escalation | 4 | LOCAL | Milad karimi |
2025-05-09 |
![]() |
Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege | 2 | LOCAL | Milad karimi |
2025-05-01 |
![]() |
Microsoft - NTLM Hash Disclosure Spoofing (library-ms) | 2 | LOCAL | hyp3rlinx |
2025-05-01 |
![]() |
ZTE ZXV10 H201L - RCE via authentication bypass | 4 | LOCAL | tasos meletlidis |
2025-05-01 |
![]() |
Daikin Security Gateway 14 - Remote Password Reset | 3 | LOCAL | LiquidWorm |
Web Applications
DoS/PoC
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2024-08-28 | ![]() |
Windows TCP/IP - RCE Checker and Denial of Service | 2 | DOS | Photubias |
2024-03-28 | ![]() |
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service | 2 | DOS | ice-wzl |
2024-02-26 | ![]() |
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' | 3 | DOS | hyp3rlinx |
2024-02-19 | ![]() |
XAMPP - Buffer Overflow POC | 3 | DOS | Talson |
2024-02-13 | ![]() |
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | 1 | DOS | LiquidWorm |
2024-02-09 | ![]() |
Elasticsearch - StackOverflow DoS | 3 | DOS | TOUHAMI Kasbaoui |
2024-02-02 | ![]() |
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | 4 | DOS | LiquidWorm |
2023-10-09 | ![]() |
OpenPLC WebServer 3 - Denial of Service | 4 | DOS | Kai Feng |
2023-10-09 | ![]() |
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service | 1 | DOS | LiquidWorm |
2023-09-08 | ![]() |
SyncBreeze 15.2.24 - 'login' Denial of Service | 1 | DOS | mohamed youssef |
Shellcode
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-05-21 | ![]() |
Windows 11 x64 - Reverse TCP Shellcode (564 bytes) | 6 | SHELLCODE | Victor Huerlimann |
2025-05-21 | ![]() |
Linux/x86 - Reverse TCP Shellcode (95 bytes) | 5 | SHELLCODE | Al Baradi Joy |
2025-05-21 | ![]() |
Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) | 2 | SHELLCODE | Sayan Ray |
2023-09-08 | ![]() |
Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) | 3 | SHELLCODE | Senzee |
2023-08-21 | ![]() |
Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) | 3 | SHELLCODE | Ivan Nikolsky |
2023-07-28 | ![]() |
Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) | 2 | SHELLCODE | Senzee |
2023-04-25 | ![]() |
Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode | 3 | SHELLCODE | Nayani |
2023-04-05 | ![]() |
Linux/x86_64 - bash Shellcode with xor encoding | 3 | SHELLCODE | Jeenika Anadani |
2023-04-03 | ![]() |
Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She | 4 | SHELLCODE | Xavi Beltran |
2023-04-01 | ![]() |
FlipRotation v1.0 decoder - Shellcode (146 bytes) | 2 | SHELLCODE | Eduardo Silva |
Papers
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2018-11-16 | ![]() |
The Powerful Resource of PHP Stream Wrappers | 611 | PAPERS | Netsparker |
2018-11-01 | ![]() |
Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam | 556 | PAPERS | phrack |
2018-10-09 | ![]() |
A Red Teamer’s guide to pivoting | 463 | PAPERS | Artem Kondratenko |
2018-10-08 | ![]() |
Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) | 1488 | PAPERS | phrack |
2018-01-15 | ![]() |
Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata | 1362 | PAPERS | phrack |
2017-08-28 | ![]() |
Abusing Token Privileges For LPE | 849 | PAPERS | drone and breenmachine |
2017-01-12 | ![]() |
OpenSSL - Weak KDF | 944 | PAPERS | anonymous |
2014-08-27 | ![]() |
SSDP Amplification Scanner | 707 | PAPERS | SaMaN |
2014-06-26 | ![]() |
[Hacking-Contest] SSH Server wrapper | 667 | PAPERS | Jakob Lell |
2012-03-20 | ![]() |
Full MSSQL Injection PWNage | 864 | PAPERS | CWH Underground |