A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb

Find a file

Offensive Security 0be1ea959a DB: 2016-09-09 11 new exploits Samba 3.0.4 - SWAT Authorization Buffer Overflow Samba 3.0.4 SWAT - Authorisation Buffer Overflow Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit Apache/mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) HP-UX FTP Server - Pre-Authentication Directory Listing Exploit (Metasploit) HP-UX FTP Server - Unauthenticated Directory Listing Exploit (Metasploit) WinEggDropShell 1.7 - Multiple Pre-Authentication Remote Stack Overflow (PoC) WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflow (PoC) FileCOPA FTP Server 1.01 - (USER) Remote Pre-Authentication Denial of Service FileCOPA FTP Server 1.01 - (USER) Remote Unauthenticated Denial of Service Multiple Applications - Local Credentials Disclosure Asterisk 1.2.15 / 1.4.0 - Pre-Authentication Remote Denial of Service Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service IBM Lotus Domino Server 6.5 - Pre-Authentication Remote Exploit IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit Frontbase 4.2.7 - Post-Authentication Remote Buffer Overflow (2.2) Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2) IBM Tivoli Provisioning Manager - Pre-Authentication Remote Exploit IBM Tivoli Provisioning Manager - Unauthenticated Remote Exploit Mercury SMTPD - Remote Pre-Authentication Stack Based Overrun (PoC) Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 4.51 - SMTPD CRAM-MD5 Pre-Authentication Remote Overflow Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow SIDVault LDAP Server - Pre-Authentication Remote Buffer Overflow Mercury/32 3.32-4.51 - SMTP Pre-Authentication EIP Overwrite SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite Hexamail Server 3.0.0.001 - (pop3) Pre-Authentication Remote Overflow (PoC) Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC) Airsensor M520 - HTTPD Remote Pre-Authentication Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPD Remote Unauthenticated Denial of Service / Buffer Overflow (PoC) Mercury/32 4.52 IMAPD - SEARCH command Post-Authentication Overflow Mercury/32 4.52 IMAPD - SEARCH command Authenticated Overflow SAP MaxDB 7.6.03.07 - Pre-Authentication Remote Command Execution McAfee E-Business Server - Remote Pre-Authentication Code Execution / Denial of Service (PoC) SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution McAfee E-Business Server - Remote Unauthenticated Code Execution / Denial of Service (PoC) MailEnable Pro/Ent 3.13 - (Fetch) Post-Authentication Remote Buffer Overflow MailEnable Pro/Ent 3.13 - (Fetch) Authenticated Remote Buffer Overflow NetWin Surgemail 3.8k4-4 - IMAP Post-Authentication Remote LIST Universal Exploit NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit HP OpenView NNM 7.5.1 - OVAS.exe SEH Pre-Authentication Overflow HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow BigAnt Server 2.2 - Pre-Authentication Remote SEH Overflow BigAnt Server 2.2 - Unauthenticated Remote SEH Overflow Joomla Component JPad 1.0 - Post-Authentication SQL Injection Joomla Component JPad 1.0 - Authenticated SQL Injection CMS Made Simple 1.2.4 - (FileManager module) File Upload CMS Made Simple 1.2.4 - (FileManager module) Arbitrary File Upload freeSSHd 1.2.1 - Remote Stack Overflow PoC (Post-Authentication) freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated) freeSSHd 1.2.1 - (Post-Authentication) Remote SEH Overflow freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow vsftpd 2.0.5 - (CWD) Post-Authentication Remote Memory Consumption Exploit vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit Surgemail 39e-1 - Post-Authentication IMAP Remote Buffer Overflow Denial of Service Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service Debian OpenSSH - (Post-Authentication) Remote SELinux Privilege Elevation Exploit Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit Oracle Internet Directory 10.1.4 - Remote Pre-Authentication Denial of Service Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service AvailScript Jobs Portal Script - (Post-Authentication) (jid) SQL Injection AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection AvailScript Jobs Portal Script - (Post-Authentication) File Upload AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload Serv-U 7.3 - (Post-Authentication) (stou con:1) Denial of Service Serv-U 7.3 - (Post-Authentication) Remote FTP File Replacement Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service Serv-U 7.3 - (Authenticated) Remote FTP File Replacement Microsoft PicturePusher - ActiveX Cross-Site File Upload Attack (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC) Noticeware E-mail Server 5.1.2.2 - (POP3) Pre-Authentication Denial of Service Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service freeSSHd 1.2.1 - (Post-Authentication) SFTP rename Remote Buffer Overflow PoC freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC LoudBlog 0.8.0a - (Post-Authentication) (ajax.php) SQL Injection LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection freeSSHd 1.2.1 - (Post-Authentication) SFTP realpath Remote Buffer Overflow PoC freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC AJ Auction Authentication - Bypass Exploit AJ Auction - Authentication Bypass Simple Directory Listing 2 - Cross-Site File Upload Simple Directory Listing 2 - Cross-Site Arbitrary File Upload Mini File Host 1.x - Arbitrary PHP File Upload Mini File Host 1.x - Arbitrary .PHP File Upload Memberkit 1.0 - Remote PHP File Upload Memberkit 1.0 - Remote Arbitrary .PHP File Upload WinFTP 2.3.0 - 'LIST' Post-Authentication Remote Buffer Overflow WinFTP 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow Coppermine Photo Gallery 1.4.19 - Remote PHP File Upload Coppermine Photo Gallery 1.4.19 - Remote Arbitrary .PHP File Upload Free Download Manager 2.5/3.0 - (Authorization) Stack Buffer Overflow (PoC) Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC) WikkiTikkiTavi 1.11 - Remote PHP File Upload WikkiTikkiTavi 1.11 - Remote Arbitrary.PHP File Upload Baran CMS 1.0 - Arbitrary ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation Baran CMS 1.0 - Arbitrary .ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation zFeeder 1.6 - 'admin.php' Pre-Authentication zFeeder 1.6 - 'admin.php' Unauthenticated Addonics NAS Adapter - Post-Authentication Denial of Service Addonics NAS Adapter - Authenticated Denial of Service Serv-U 7.4.0.1 - (SMNT) Post-Authentication Denial of Service Serv-U 7.4.0.1 - (SMNT) Authenticated Denial of Service Hannon Hill Cascade Server - (Post-Authentication) Command Execution Hannon Hill Cascade Server - (Authenticated) Command Execution Telnet-Ftp Service Server 1.x - (Post-Authentication) Multiple Vulnerabilities Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities Femitter FTP Server 1.x - (Post-Authentication) Multiple Vulnerabilities Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities Gravity Board X 2.0b - SQL Injection / Post-Authentication Code Execution Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution XRDP 0.4.1 - Pre-Authentication Remote Buffer Overflow (PoC) XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC) Addonics NAS Adapter - 'bts.cgi' Post-Authentication Remote Denial of Service Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service Cpanel - (Post-Authentication) (lastvisit.html domain) Arbitrary File Disclosure Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure MySQL 5.0.45 - (Post-Authentication) COM_CREATE_DB Format String PoC MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC Adobe JRun 4 - (logfile) Post-Authentication Directory Traversal Adobe JRun 4 - (logfile) Authenticated Directory Traversal FtpXQ FTP Server 3.0 - (Post-Authentication) Remote Denial of Service FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service NetAccess IP3 - (Post-Authentication) (ping option) Command Injection NetAccess IP3 - (Authenticated) (ping option) Command Injection Joomla 1.5.12 - tinybrowser Arbitrary File Upload / Execute Joomla 1.5.12 tinybrowser - Arbitrary File Upload /Execution Cerberus FTP server 3.0.6 - Pre-Authentication Denial of Service Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service HP NNM 7.53 - ovalarm.exe CGI Pre-Authentication Remote Buffer Overflow HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow Novell eDirectory 8.8 SP5 - (Post-Authentication) Remote Buffer Overflow Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow httpdx 1.5.2 - Remote Pre-Authentication Denial of Service (PoC) httpdx 1.5.2 - Remote Unauthenticated Denial of Service (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Crash (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Remote Exploit (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Exploit Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow (SEH) (PoC) Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow (PoC) Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC) Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (PoC) httpdx 1.5.3b - Multiple Remote Pre-Authentication Denial of Service (PoC) httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service (PoC) Kerio MailServer 6.2.2 - Pre-Authentication Remote Denial of Service (PoC) Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Buffer Overflow (Metasploit) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit) eDisplay Personal FTP server 1.0.0 - Pre-Authentication Denial of Service (PoC) eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Crash SEH (PoC) eDisplay Personal FTP server 1.0.0 - Unauthenticated Denial of Service (PoC) eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Crash SEH (PoC) eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack Buffer Overflow (1) eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1) eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack Buffer Overflow (2) eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (2) uTorrent WebUI 0.370 - Authorization header Denial of Service uTorrent WebUI 0.370 - Authorisation Header Denial of Service Easy Ftp Server 1.7.0.2 - MKD Remote Post-Authentication Buffer Overflow Easy Ftp Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow ProSSHD 1.2 - Remote Post-Authentication Exploit (ASLR + DEP Bypass) ProSSHD 1.2 - Remote Authenticated Exploit (ASLR + DEP Bypass) Apache Axis2 Administration console - (Post-Authentication) Cross-Site Scripting Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Pre-Authentication Denial of Service (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ALSR + DEP Bypass) BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass) dotDefender 3.8-5 - Pre-Authentication Remote Code Execution (via Cross-Site Scripting) dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting) Easy FTP Server 1.7.0.11 - (Post-Authentication) 'MKD' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Post-Authentication) 'LIST' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Post-Authentication) 'CWD' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Post-Authentication) 'LIST' Command Remote Buffer Overflow (Metasploit) Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit) UPlusFTP Server 1.7.1.01 - (Post-Authentication) HTTP Remote Buffer Overflow UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Post-Authentication) Multiple Commands Remote Buffer Overflow Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow Achievo 1.4.3 - Multiple Authorization Flaws Achievo 1.4.3 - Multiple Authorisation Flaws PHPMotion 1.62 - 'FCKeditor' File Upload PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload Home FTP Server 1.11.1.149 - Post-Authentication Directory Traversal Home FTP Server 1.11.1.149 - Authenticated Directory Traversal News Script PHP Pro - 'FCKeditor' File Upload News Script PHP Pro - 'FCKeditor' Arbitrary File Upload Microsoft Windows 2003 - AD Pre-Authentication BROWSER ELECTION Remote Heap Overflow Microsoft Windows 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Post-Authentication) Remote Buffer Overflow ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow Vtiger CRM 5.0.4 - Pre-Authentication Local File Inclusion Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion HP OpenView NNM 7.53/7.51 - OVAS.exe Pre-Authentication Stack Buffer Overflow HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow MailEnable - Authorization Header Buffer Overflow MailEnable - Authorisation Header Buffer Overflow ColdFusion 8.0.1 - Arbitrary File Upload and Execution Adobe RoboHelp Server 8 - Arbitrary File Upload and Execution ColdFusion 8.0.1 - Arbitrary File Upload / Execution Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution OpenX - banner-edit.php File Upload PHP Code Execution OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution Joomla 1.5.12 - tinybrowser File Upload Code Execution Joomla 1.5.12 tinybrowser - Arbitrary File Upload / Code Execution N_CMS 1.1E - Pre-Authentication Local File Inclusion / Remote Code Exploit N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code Exploit If-CMS 2.07 - Pre-Authentication Local File Inclusion (1) If-CMS 2.07 - Unauthenticated Local File Inclusion (1) IPComp - encapsulation Pre-Authentication kernel memory Corruption IPComp - encapsulation Unauthenticated kernel memory Corruption SQL-Ledger 2.8.33 - Post-Authentication Local File Inclusion / Edit SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (DEP + ASLR Bypass) Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (ASLR + DEP Bypass) Easy Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow Easy Ftp Server 1.7.0.2 - Authenticated Buffer Overflow ActFax Server FTP - (Post-Authentication) Remote Buffer Overflow ActFax Server FTP - (Authenticated) Remote Buffer Overflow If-CMS 2.07 - Pre-Authentication Local File Inclusion (Metasploit) (2) If-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2) DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP + ASLR Bypass) DVD X Player 5.5.0 Pro / Standard - Universal Exploit (ASLR + DEP Bypass) DVD X Player 5.5 Pro - (SEH DEP + ASLR Bypass) Exploit DVD X Player 5.5 Pro - (SEH + ASLR + DEP Bypass) Exploit TomatoCart 1.1 - Post-Authentication Local File Inclusion TomatoCart 1.1 - Authenticated Local File Inclusion BlazeVideo HDTV Player 6.6 Professional - Universal DEP + ASLR Bypass BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass QuiXplorer 2.3 - Bugtraq File Upload QuiXplorer 2.3 - Bugtraq Arbitrary File Upload QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR Bypass (Metasploit) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit) Avaya WinPDM UniteHostRouter 3.8.2 - Remote Pre-Authentication Command Execution Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution Sysax Multi Server 5.53 - SFTP Post-Authentication SEH Exploit Sysax 5.53 - SSH 'Username' Buffer Overflow Pre-Authentication Remote Code Execution (Egghunter) Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit Sysax 5.53 - SSH 'Username' Buffer Overflow Unauthenticated Remote Code Execution (Egghunter) BlazeVideo HDTV Player 6.6 Professional - SEH & DEP & ASLR BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass Dolibarr ERP & CRM 3 - Post-Authentication OS Command Injection Dolibarr ERP & CRM 3 - Authenticated OS Command Injection V-CMS - PHP File Upload and Execution V-CMS - Arbitrary .PHP File Upload / Execution WebCalendar 1.2.4 - Pre-Authentication Remote Code Injection WebCalendar 1.2.4 - Unauthenticated Remote Code Injection appRain CMF - Arbitrary PHP File Upload appRain CMF - Arbitrary .PHP File Upload EGallery - PHP File Upload EGallery - Arbitrary .PHP File Upload SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Post-Authentication SQL Injection SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection WordPress Front End Upload 0.5.4.4 Plugin - Arbitrary PHP File Upload WordPress Front End Upload 0.5.4.4 Plugin - Arbitrary .PHP File Upload WebPageTest - Arbitrary PHP File Upload WebPageTest - Arbitrary .PHP File Upload XODA 0.4.5 - Arbitrary PHP File Upload XODA 0.4.5 - Arbitrary .PHP File Upload Elcom CMS 7.4.10 - Community Manager Insecure File Upload Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload Trend Micro Control Manager 5.5/6.0 AdHocQuery - Post-Authentication Blind SQL Injection Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection Mod_SSL 2.8.x - Off-by-One HTAccess Buffer Overflow Apache/mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow Dropbox Desktop Client 9.4.49 (64bit) - Local Credentials Disclosure OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (1) OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (2) Apache/mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1) Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit qdPM 7.0 - Arbitrary PHP File Upload qdPM 7.0 - Arbitrary .PHP File Upload Oracle Database - Authentication Protocol Security Bypass Oracle Database - Protocol Authentication Bypass Mod_NTLM 0.x - Authorization Heap Overflow Mod_NTLM 0.x - Authorisation Heap Overflow Mod_NTLM 0.x - Authorization Format String Mod_NTLM 0.x - Authorisation Format String Geeklog 1.3.x - Authentication SQL Injection Geeklog 1.3.x - Authenticated SQL Injection NFR Agent FSFUI Record - Arbitrary File Upload Remote Code Execution NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload and Execution PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload / Execution MySQL - Remote Pre-Authentication User Enumeration MySQL - Remote Unauthenticated User Enumeration vbPortal 2.0 alpha 8.1 - Authentication SQL Injection vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (1) DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (2) DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (3) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3) WordPress WP-Property Plugin - PHP File Upload WordPress Asset-Manager Plugin - PHP File Upload WordPress WP-Property Plugin - Arbitrary .PHP File Upload WordPress Asset-Manager Plugin - Arbitrary .PHP File Upload Ubiquiti AirOS 5.5.2 - Remote Post-Authentication Root Command Execution Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution RobotFTP Server 1.0/2.0 - Remote Pre-Authentication Command Denial of Service RobotFTP Server 1.0/2.0 - Remote Unauthenticated Command Denial of Service SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorization Request Denial of Service (1) SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorization Request Denial of Service (2) SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (1) SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (2) Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload and Execution Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution Firebird 1.0 - Remote Pre-Authentication Database Name Buffer Overrun Firebird 1.0 - Remote Unauthenticated Database Name Buffer Overrun Novell NCP - Pre-Authentication Remote Root Exploit Novell NCP - Unauthenticated Remote Root Exploit Polar Helpdesk 3.0 - Cookie Based Authentication System Bypass Polar Helpdesk 3.0 - Cookie Based Authentication Bypass IRIS Citations Management Tool - (Post-Authentication) Remote Command Execution IRIS Citations Management Tool - (Authenticated) Remote Command Execution Polycom HDX - Telnet Authorization Bypass (Metasploit) Polycom HDX - Telnet Authentication Bypass (Metasploit) OpenEMR - PHP File Upload OpenEMR - Arbitrary .PHP File Upload PolarPearCMS - PHP File Upload PolarPearCMS - Arbitrary .PHP File Upload Apache 2.0.x - mod_ssl Remote Denial of Service Apache/mod_ssl 2.0.x - Remote Denial of Service phpWebSite 0.x - Image File Processing Arbitrary PHP File Upload phpWebSite 0.x - Image File Processing Arbitrary .PHP File Upload BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated File Upload BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated Arbitrary File Upload BlueSoleil 1.4 - Object Push Service BlueTooth File Upload Directory Traversal BlueSoleil 1.4 - Object Push Service BlueTooth Arbitrary File Upload / Directory Traversal MoinMoin - twikidraw Action Traversal File Upload MoinMoin - twikidraw Action Traversal Arbitrary File Upload Mikrotik RouterOS sshd (ROSSSH) - Remote Pre-Authentication Heap Corruption Mikrotik RouterOS sshd (ROSSSH) - Remote Unauthenticated Heap Corruption Alt-N MDaemon 2-8 - Remote Pre-Authentication IMAP Buffer Overflow Alt-N MDaemon 2-8 - Remote Unauthenticated IMAP Buffer Overflow FlexWATCH 3.0 - AIndex.asp Authorization Bypass FlexWATCH 3.0 - AIndex.asp Authentication Bypass HP ProCurve Manager - SNAC UpdateDomainControllerServlet File Upload HP ProCurve Manager SNAC - UpdateCertificatesServlet File Upload HP ProCurve Manager - SNAC UpdateDomainControllerServlet Arbitrary File Upload HP ProCurve Manager SNAC - UpdateCertificatesServlet Arbitrary File Upload WordPress Curvo Themes - Cross-Site Request Forgery File Upload WordPress Curvo Themes - Cross-Site Request Forgery / Arbitrary File Upload WordPress Highlight Premium Theme - Cross-Site Request Forgery / File Upload WordPress Highlight Premium Theme - Cross-Site Request Forgery / Arbitrary File Upload PHPBB2 - Admin_Ug_Auth.php Administrative Security Bypass PHPBB2 - Admin_Ug_Auth.php Administrative Bypass Adobe Acrobat Reader - ASLR + DEP Bypass with SANDBOX Bypass Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass Castripper 2.50.70 - '.pls' DEP Exploit Castripper 2.50.70 - '.pls' DEP Bypass Exploit Google Urchin 5.7.3 - Report.cgi Authorization Bypass Google Urchin 5.7.3 - Report.cgi Authentication Bypass Adobe Flash - Method Calls Use-After-Free Adobe Flash - Transform.colorTranform Getter Info Leak RSA Authentication Agent for Web 5.3 - URI redirection RSA Authentication Agent for Web 5.3 - URI Redirection Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow Zabbix 2.0 - 3.0.3 - SQL Injection ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload Arbitrary Code Execution ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload / Arbitrary Code Execution Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure LogMeIn Client 1.3.2462 (64bit) - Local Credentials Disclosure SpagoBI 4.0 - Arbitrary Cross-Site Scripting / File Upload SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload Katello (Red Hat Satellite) - users/update_roles Missing Authorization Katello (Red Hat Satellite) - users/update_roles Missing Authorisation Freepbx 13.0.x < 13.0.154 - Remote Command Execution FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution Jobberbase 2.0 - Multiple Vulnerabilities Windows x86 - Bind Shell TCP Shellcode WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated File Upload WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated Arbitrary File Upload Bits Video Script 2.04/2.05 - 'addvideo.php' File Upload / Arbitrary PHP Code Execution Bits Video Script 2.04/2.05 - 'register.php' File Upload / Arbitrary PHP Code Execution Bits Video Script 2.04/2.05 - 'addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution Bits Video Script 2.04/2.05 - 'register.php' Arbitrary File Upload / Arbitrary PHP Code Execution Moab < 7.2.9 - Authorization Bypass Moab < 7.2.9 - Authentication Bypass Tapatalk for vBulletin 4.x - Pre-Authentication Blind SQL Injection Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection Drupal Core < 7.32 - Pre-Authentication SQL Injection Drupal Core < 7.32 - Unauthenticated SQL Injection Tincd - Post-Authentication Remote TCP Stack Buffer Overflow Tincd - Authenticated Remote TCP Stack Buffer Overflow PMB 4.1.3 - Post-Authentication SQL Injection PMB 4.1.3 - Authenticated SQL Injection Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Authentication Remote Code Execution Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution ManageEngine Multiple Products - Authenticated File Upload ManageEngine Multiple Products - Authenticated Arbitrary File Upload Chyrp 2.x - swfupload Extension upload_handler.php File Upload Arbitrary PHP Code Execution X360 VideoPlayer ActiveX Control 2.6 - (Full ASLR + DEP Bypass) Chyrp 2.x - swfupload Extension upload_handler.php Arbitrary File Upload / Arbitrary PHP Code Execution X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass) Seagate Business NAS 2014.00319 - Pre-Authentication Remote Code Execution Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution Symantec Web Gateway 5 - restore.php Post-Authentication Command Injection Symantec Web Gateway 5 - restore.php Authenticated Command Injection JBoss Seam 2 - Arbitrary File Upload and Execution JBoss Seam 2 - Arbitrary File Upload / Execution Barracuda Firmware 5.0.0.012 - Post-Authentication Remote Root Exploit (Metasploit) Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit) Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload / Arbitrary Code Execution Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted Arbitrary File Upload / Arbitrary Code Execution WordPress RevSlider 3.0.95 Plugin - Arbitrary File Upload and Execution WordPress RevSlider 3.0.95 Plugin - Arbitrary File Upload / Execution JibberBook 2.3 - 'Login_form.php' Authentication Security Bypass JibberBook 2.3 - 'Login_form.php' Authentication Bypass Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter File Upload / Code Execution Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution Zenoss 3.2.1 - Remote Post-Authentication Command Execution Zenoss 3.2.1 - Remote Authenticated Command Execution Microweber 1.0.3 - Arbitrary File Upload Filter Bypass Remote PHP Code Execution Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution Magento CE < 1.9.0.1 - Post-Authentication Remote Code Execution Magento CE < 1.9.0.1 - Authenticated Remote Code Execution Netsweeper 4.0.9 - Arbitrary File Upload and Execution Netsweeper 4.0.9 - Arbitrary File Upload / Execution Netsweeper 4.0.8 - Arbitrary File Upload and Execution Netsweeper 4.0.8 - Arbitrary File Upload / Execution EasyITSP - 'customers_edit.php' Authentication Security Bypass EasyITSP - 'customers_edit.php' Authentication Bypass Wolf CMS - Arbitrary File Upload and Execution Wolf CMS - Arbitrary File Upload / Execution Konica Minolta FTP Utility 1.00 - Post-Authentication CWD Command SEH Overflow Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow GLPI 0.85.5 - Remote Code Execution (via File Upload Filter Bypass) GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution Dream CMS 2.3.0 - Cross-Site Request Forgery Add Extension / Arbitrary File Upload PHP Code Execution Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution vBulletin 5.1.x - Pre-Authentication Remote Code Execution vBulletin 5.1.x - Unauthenticated Remote Code Execution WordPress Ninja Forms 2.7.7 Plugin - Authorization Bypass WordPress WP to Twitter Plugin - Authorization Bypass WordPress Ninja Forms 2.7.7 Plugin - Authentication Bypass WordPress WP to Twitter Plugin - Authentication Bypass Novell ServiceDesk - Authenticated File Upload Novell ServiceDesk - Authenticated Arbitrary File Upload Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated File Upload Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal DEP + ASLR Bypass) Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass) phpATM 1.32 - Remote Command Execution (Arbitrary File Upload) on Windows Servers phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers) vBulletin 5.x/4.x - Post-Authentication Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API vBulletin 4.x - Post-Authentication SQL Injection in breadcrumbs via xmlrpc API vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post-Authentication Remote Root Exploit (Metasploit) Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Post-Authentication Remote Root Exploit (Metasploit) (3) Barracuda Web Application Firewall 8.0.1.008 - Post-Authentication Remote Root Exploit (Metasploit) Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3) Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit) phpMyAdmin 4.6.2 - Post-Authentication Remote Code Execution phpMyAdmin 4.6.2 - Authenticated Remote Code Execution vBulletin 5.2.2 - Pre-Authentication Server Side Request Forgery (SSRF) vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF) ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass		2016-09-09 05:09:09 +00:00
platforms	DB: 2016-09-09	2016-09-09 05:09:09 +00:00
files.csv	DB: 2016-09-09	2016-09-09 05:09:09 +00:00
README.md	SearchSploit version bump (v3.4) & Update for OSX support since #23	2016-08-17 17:31:09 +01:00
searchsploit	Fix up of bash fu for both OSX & Linux	2016-08-18 16:53:10 +01:00

README.md

The Exploit-Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]
Example:
  searchsploit afd windows local
  searchsploit -t oracle windows

=========
 Options
=========
   -c, --case      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact     Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help      Show this help screen.
   -j, --json      Show result in JSON format.
   -o, --overflow  Exploit title's are allowed to overflow their columns.
   -p, --path      Show the full path to an exploit (Copies path to clipboard if possible).
   -t, --title     Search just the exploit title (Default is title AND the file's path).
   -u, --update    Update exploit database from git.
   -w, --www       Show URLs to Exploit-DB.com rather than local path.
       --colour    Disable colour highlighting.
       --id        Display EDB-ID value rather than local path.

=======
 Notes
=======
 * Use any number of search terms.
 * Search terms are not case sensitive, and order is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching numbers/major versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - afd.sys Privilege Escalation Exploit (K-plugin)      | ./windows/local/6757.txt
Microsoft Windows XP - afd.sys Local Kernel Denial of Service                    | ./windows/dos/17133.c
Microsoft Windows XP/2003 - afd.sys Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080)                  | ./windows/local/21844.rb
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040)     | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - afd.sys Privilege Escalation (MS14-040)              | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#