8 new exploits McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC) McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC) Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization Apple macOS - Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read Xcode OpenBase 9.1.5 (OSX) - (root file create) Privilege Escalation Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - (unsafe system call) Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - (Unsafe System Call) Privilege Escalation eTrust AntiVirus Agent r8 - Local Privilege Escalation eTrust AntiVirus Agent r8 - Privilege Escalation WICD 1.7.1 - Local Privilege Escalation WICD 1.7.1 - Privilege Escalation Novell Client 4.91 SP4 - Local Privilege Escalation Novell Client 4.91 SP4 - Privilege Escalation H-Sphere Webshell 2.4 - Privilege Escalation H-Sphere WebShell 2.4 - Privilege Escalation Zend Platform 2.2.1 - PHP.INI File Modification Zend Platform 2.2.1 - 'PHP.INI' File Modification AIX 7.1 - lquerylv Privilege Escalation AIX 7.1 - 'lquerylv' Privilege Escalation sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation Sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server - Privilege Escalation Automated Logic WebCTRL 6.5 - Local Privilege Escalation Automated Logic WebCTRL 6.5 - Privilege Escalation Netdecision 5.8.2 - Local Privilege Escalation Netdecision 5.8.2 - Privilege Escalation H-Sphere Webshell 2.4 - Remote Command Execution H-Sphere WebShell 2.4 - Remote Command Execution 
NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit) NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Perl Remote Code Execution (Metasploit) STUNSHELL Web Shell - Remote PHP Code Execution (Metasploit) STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit) v0pCr3w Web Shell - Remote Code Execution (Metasploit) v0pCr3w (Web Shell) - Remote Code Execution (Metasploit) InstantCMS 1.6 - Remote PHP Code Execution (Metasploit) InstantCMS 1.6 - PHP Remote Code Execution (Metasploit) Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit) Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit) HPE < 7.2 - Java Deserialization Tecnovision DLX Spot - SSH Backdoor phpBB 2.0.15 - (highlight) Remote PHP Code Execution phpBB 2.0.15 - 'highlight' PHP Remote Code Execution phpBB 2.0.15 - Remote PHP Code Execution (Metasploit) phpBB 2.0.15 - PHP Remote Code Execution (Metasploit) versatileBulletinBoard 1.00 RC2 - (board takeover) SQL Injection versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection VuBB Forum RC1 - (m) SQL Injection VuBB Forum RC1 - 'm' SQL Injection Wizz Forum 1.20 - (TopicID) SQL Injection PHPWebThings 1.4 - (msg/forum) SQL Injection Wizz Forum 1.20 - 'TopicID' SQL Injection PHPWebThings 1.4 - 'msg'/'forum' SQL Injection webSPELL 4.01 - (title_op) SQL Injection webSPELL 4.01 - 'title_op' SQL Injection YapBB 1.2 - (cfgIncludeDirectory) Remote Command Execution YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (1) Advanced Guestbook 2.4.0 - (phpBB) File Inclusion TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (2) Advanced Guestbook 2.4.0 - (phpBB) Remote File Inclusion TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1) Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2) Advanced Guestbook 2.4.0 - 'phpBB' Remote File Inclusion Knowledge Base Mod 2.0.2 - (phpBB) 
Remote File Inclusion Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion phpRaid 3.0.b3 - (phpBB/SMF) Remote File Inclusion pafileDB 2.0.1 - (mxBB/phpBB) Remote File Inclusion phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion Foing 0.7.0 - (phpBB) Remote File Inclusion Foing 0.7.0 - 'phpBB' Remote File Inclusion Activity MOD Plus 1.1.0 - (phpBB Mod) File Inclusion Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion Blend Portal 1.2.0 - (phpBB Mod) Remote File Inclusion Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion XMB 1.9.6 - (u2uid) SQL Injection (mq=off) XMB 1.9.6 - (mq=off) 'u2uid' SQL Injection Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote File Inclusion Web3news 0.95 - 'PHPSECURITYADMIN_PATH' Remote File Inclusion Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion TualBLOG 1.0 - (icerikno) SQL Injection TualBLOG 1.0 - 'icerikno' SQL Injection Tekman Portal 1.0 - (tr) SQL Injection Tekman Portal 1.0 - 'tr' SQL Injection MyReview 1.9.4 - (email) SQL Injection / Code Execution MyReview 1.9.4 - 'email' SQL Injection / Code Execution phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion phpBB Static Topics 1.0 - phpbb_root_path File Inclusion phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion CentiPaid 1.4.2 - centipaid_class.php Remote File Inclusion CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion webSPELL 4.01.01 - (getsquad) SQL Injection webSPELL 4.01.01 - 'getsquad' SQL Injection Osprey 1.0 - GetRecord.php Remote File Inclusion Osprey 1.0 - 'GetRecord.php' Remote File Inclusion Techno Dreams Announcement - (key) SQL Injection Techno Dreams Guestbook 1.0 - (key) SQL Injection Techno Dreams Announcement - 'key' SQL Injection Techno Dreams Guestbook 1.0 - 'key' SQL Injection GEPI 1.4.0 - gestion/savebackup.php Remote File Inclusion GEPI 1.4.0 - 
'gestion/savebackup.php' Remote File Inclusion PHPGiggle 12.08 - (CFG_PHPGIGGLE_ROOT) File Inclusion PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion mxBB Module Meeting 1.1.2 - Remote FileInclusion mxBB Module Meeting 1.1.2 - Remote File Inclusion Uploader & Downloader 3.0 - (id_user) SQL Injection Uploader & Downloader 3.0 - 'id_user' SQL Injection The Classified Ad System 1.0 - (main) SQL Injection The Classified Ad System 1.0 - 'main' SQL Injection VisoHotlink 1.01 - functions.visohotlink.php Remote File Inclusion VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion vhostadmin 0.1 - (MODULES_DIR) Remote File Inclusion vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion XLAtunes 0.1 - (album) SQL Injection XLAtunes 0.1 - 'album' SQL Injection webSPELL 4.01.02 - (topic) SQL Injection webSPELL 4.01.02 - 'topic' SQL Injection webSPELL 4.01.02 - Remote PHP Code Execution webSPELL 4.01.02 - PHP Remote Code Execution PHP-Nuke - iFrame (iframe.php) Remote File Inclusion PHP-Nuke - 'iframe.php' Remote File Inclusion XOOPS Module Camportail 1.1 - (camid) SQL Injection XOOPS Module Camportail 1.1 - 'camid' SQL Injection Mutant 0.9.2 - mutant_functions.php Remote File Inclusion Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion Original 0.11 - config.inc.php x[1] Remote File Inclusion Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion Glossword 1.8.1 - custom_vars.php Remote File Inclusion Glossword 1.8.1 - 'custom_vars.php' Remote File Inclusion GeekLog 2.x - ImageImageMagick.php Remote File Inclusion GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion Vizayn Urun Tanitim Sistemi 0.2 - (tr) SQL Injection Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection WBB2-Addon: Acrotxt 1.0 - (show) SQL Injection WBB2-Addon: Acrotxt 1.0 - 'show' SQL Injection STPHPLibrary - (STPHPLIB_DIR) Remote File Inclusion STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion phpFFL 1.24 - 
'PHPFFL_FILE_ROOT' Remote File Inclusion phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion phpBB Mod OpenID 0.2.0 - 'BBStore.php' Remote File Inclusion LiveAlbum 0.9.0 - common.php Remote File Inclusion LiveAlbum 0.9.0 - 'common.php' Remote File Inclusion Pindorama 0.1 - client.php Remote File Inclusion Pindorama 0.1 - 'client.php' Remote File Inclusion Socketmail 2.2.8 - fnc-readmail3.php Remote File Inclusion TOWeLS 0.1 - scripture.php Remote File Inclusion Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion TOWeLS 0.1 - 'scripture.php' Remote File Inclusion Sige 0.1 - sige_init.php Remote File Inclusion Sige 0.1 - 'sige_init.php' Remote File Inclusion Scribe 0.2 - Remote PHP Code Execution Scribe 0.2 - PHP Remote Code Execution patBBcode 1.0 - bbcodeSource.php Remote File Inclusion patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion Tilde CMS 4.x - (aarstal) SQL Injection Tilde CMS 4.x - 'aarstal' SQL Injection CityWriter 0.9.7 - head.php Remote File Inclusion CityWriter 0.9.7 - 'head.php' Remote File Inclusion PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) Remote File Inclusion PhpMyDesktop/Arcade 1.0 Final - 'phpdns_basedir' Remote File Inclusion WebSihirbazi 5.1.1 - (pageid) SQL Injection WebSihirbazi 5.1.1 - 'pageid' SQL Injection Blakord Portal Beta 1.3.A - (all modules) SQL Injection Blakord Portal Beta 1.3.A - (All Modules) SQL Injection PHP Links 1.3 - smarty.php Remote File Inclusion PHP Links 1.3 - 'smarty.php' Remote File Inclusion Aterr 0.9.1 - Local File Inclusion (PHP5) Aterr 0.9.1 - PHP5 Local File Inclusion phpEmployment - (PHP upload) Arbitrary File Upload phpEmployment - 'PHP Upload' Arbitrary File Upload XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution Xplode CMS - (wrap_script) SQL Injection Xplode CMS - 'wrap_script' SQL Injection VS PANEL 7.3.6 - (Cat_ID) SQL Injection VS PANEL 7.3.6 - 'Cat_ID' SQL Injection WebMember 1.0 - (formID) SQL Injection WebMember 1.0 - 
'formID' SQL Injection Dokuwiki 2009-02-14 - Remote/Temporary File Inclusion Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion Kjtechforce mailman b1 - (code) SQL Injection Delete Row Kjtechforce mailman b1 - (Delete Row) 'code' SQL Injection Virtue Classifieds - (category) SQL Injection Virtue Classifieds - 'category' SQL Injection XOOPS Celepar Module Qas - (codigo) SQL Injection XOOPS Celepar Module Qas - 'codigo' SQL Injection URA 3.0 - (cat) SQL Injection URA 3.0 - 'cat' SQL Injection TYPO3 CMS 4.0 - (showUid) SQL Injection TYPO3 CMS 4.0 - 'showUid' SQL Injection Typing Pal 1.0 - (idTableProduit) SQL Injection Typing Pal 1.0 - 'idTableProduit' SQL Injection Videos Broadcast Yourself 2 - (UploadID) SQL Injection Videos Broadcast Yourself 2 - 'UploadID' SQL Injection Uiga Church Portal - (year) SQL Injection Uiga Church Portal - 'year' SQL Injection Network Management/Inventory System - header.php Remote File Inclusion Network Management/Inventory System - 'header.php' Remote File Inclusion BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit) BASE 1.2.4 - 'base_qry_common.php' Remote File Inclusion (Metasploit) PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection PHP-Nuke 8.0 - (News Module) Cross-Site Scripting / HTML Code Injection Vivid Ads Shopping Cart - (prodid) SQL Injection Vivid Ads Shopping Cart - 'prodid' SQL Injection WorldPay Script Shop - (productdetail) SQL Injection WorldPay Script Shop - 'productdetail' SQL Injection tincan ltd - (section) SQL Injection tincan ltd - 'section' SQL Injection Template Seller Pro 3.25 - (tempid) SQL Injection Template Seller Pro 3.25 - 'tempid' SQL Injection Webloader 7 < 8 - (vid) SQL Injection Webloader 7 < 8 - 'vid' SQL Injection web5000 - (page_show) SQL Injection web5000 - 'page_show' SQL Injection Cosmos Solutions CMS - (id= / page=) SQL Injection Cosmos Solutions CMS - 'id=' / 'page=' SQL Injection iBoutique - (page) SQL Injection / Cross-Site Scripting iBoutique - 'page' 
SQL Injection / Cross-Site Scripting OpenX - (phpAdsNew) Remote File Inclusion OpenX - 'phpAdsNew' Remote File Inclusion System Shop - (Module aktka) SQL Injection System Shop - 'Module aktka' SQL Injection TikiWiki tiki-graph_formula - Remote PHP Code Execution (Metasploit) TikiWiki tiki-graph_formula - PHP Remote Code Execution (Metasploit) vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (1) PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1) YABB SE 0.8/1.4/1.5 - Packages.php Remote File Inclusion YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion Invision Board 1.1.1 - ipchat.php Remote File Inclusion Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion Typo3 3.5 b5 - Translations.php Remote File Inclusion Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion Webchat 0.77 - Defines.php Remote File Inclusion Webchat 0.77 - 'Defines.php' Remote File Inclusion PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection PHP-Nuke 6.5 - (Multiple Downloads Module) SQL Injection ttCMS 2.2/2.3 - header.php Remote File Inclusion ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution HolaCMS 1.2.x - HTMLtags.php Local File Inclusion HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion WebCalendar 0.9.x - Multiple Module SQL Injection WebCalendar 0.9.x - (Multiple Modules) SQL Injection PHP-Nuke 6.x - Multiple Module SQL Injection PHP-Nuke 6.x - (Multiple Modules) SQL Injection EasyDynamicPages 1.0 - 'config_page.php' Remote PHP File Inclusion EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion VisualShapers EZContents 1.4/2.0 - module.php Remote Command Execution VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution Mambo Open Source 4.5/4.6 - mod_mainmenu.php Remote File 
Inclusion Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script fonctions.lib.php Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion VisualShapers EZContents 1.x/2.0 - db.php Arbitrary File Inclusion VisualShapers EZContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion VirtuaSystems VirtuaNews 1.0.x - Multiple Module Cross-Site Scripting Vulnerabilities VirtuaSystems VirtuaNews 1.0.x - (Multiple Modules) Cross-Site Scripting Vulnerabilities WarpSpeed 4nAlbum Module 0.92 - displaycategory.php basepath Parameter Remote File Inclusion WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion Gemitel 3.50 - affich.php Remote File Inclusion Command Injection Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection phpBB 2.0.x - album_portal.php Remote File Inclusion phpBB 2.0.x - 'album_portal.php' Remote File Inclusion Mail Manage EX 3.1.8 MMEX - Script Settings Parameter Remote PHP File Inclusion Mail Manage EX 3.1.8 MMEX - Script Settings Parameter PHP Remote File Inclusion Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - Common.php Remote File Inclusion Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion @lexPHPTeam @lex Guestbook 3.12 - Remote PHP File 
Inclusion @lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion phpBB 2.0.x - 'admin_cash.php' Remote PHP File Inclusion phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion Stadtaus.Com Download Center Lite 1.5 - Remote PHP File Inclusion Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion Work System eCommerce 3.0.3/3.0.4 - forum.php Remote File Inclusion Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion PANews 2.0 - Remote PHP Script Code Execution PANews 2.0 - PHP Remote Code Execution VoteBox 2.0 - Votebox.php Remote File Inclusion VoteBox 2.0 - 'Votebox.php' Remote File Inclusion McNews 1.x - install.php Arbitrary File Inclusion McNews 1.x - 'install.php' Arbitrary File Inclusion Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection GrayCMS 1.1 - error.php Remote File Inclusion GrayCMS 1.1 - 'error.php' Remote File Inclusion PHP Poll Creator 1.0.1 - Poll_Vote.php Remote File Inclusion PHP Poll Creator 1.0.1 - 'Poll_Vote.php' Remote File Inclusion MWChat 6.7 - Start_Lobby.php Remote File Inclusion MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion Popper Webmail 1.41 - ChildWindow.Inc.php Remote File Inclusion Popper Webmail 1.41 - 'ChildWindow.Inc.php' Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion MyGuestbook 0.6.1 - 'Form.Inc.php3' Remote File Inclusion Comdev 
eCommerce 3.0 - config.php Remote File Inclusion Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion PHPWebNotes 2.0 - Api.php Remote File Inclusion PHPWebNotes 2.0 - 'Api.php' Remote File Inclusion Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion Autolinks 2.1 Pro - 'Al_initialize.php' Remote File Inclusion MySource 2.14 - Socket.php PEAR_PATH Remote File Inclusion MySource 2.14 - Request.php PEAR_PATH Remote File Inclusion MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - mail.php PEAR_PATH Remote File Inclusion MySource 2.14 - Date.php PEAR_PATH Remote File Inclusion MySource 2.14 - Span.php PEAR_PATH Remote File Inclusion MySource 2.14 - mimeDecode.php PEAR_PATH Remote File Inclusion MySource 2.14 - mime.php PEAR_PATH Remote File Inclusion MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion Help Center Live 1.0/1.2/2.0 - module.php Local File Inclusion Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion Tru-Zone Nuke ET 3.x - Search Module SQL Injection Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection vtiger CRM 4.2 - RSS Aggregation Module Feed Cross-Site Scripting vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting CF_Nuke 4.6 - index.cfm Local File Inclusion CF_Nuke 4.6 - 'index.cfm' Local File Inclusion Tolva 0.1 - Usermods.php Remote File Inclusion Tolva 0.1 - 'Usermods.php' Remote File Inclusion SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion PHORUM 3.x/5.x - Common.php Remote File Inclusion PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion SPIP 1.8.3 - Spip_login.php Remote File Inclusion SPIP 
1.8.3 - 'Spip_login.php' Remote File Inclusion CyBoards PHP Lite 1.21/1.25 - Common.php Remote File Inclusion CyBoards PHP Lite 1.21/1.25 - 'Common.php' Remote File Inclusion Monster Top List 1.4 - functions.php Remote File Inclusion Monster Top List 1.4 - 'functions.php' Remote File Inclusion I-RATER Platinum - Common.php Remote File Inclusion I-RATER Platinum - 'Common.php' Remote File Inclusion I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion Advanced Guestbook 2.x - Addentry.php Remote File Inclusion Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion RadScripts RadLance 7.0 - popup.php Local File Inclusion RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion osTicket 1.x - Open_form.php Remote File Inclusion osTicket 1.x - 'Open_form.php' Remote File Inclusion Squirrelmail 1.4.x - Redirect.php Local File Inclusion Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion phpBB 2.0.x - template.php Remote File Inclusion phpBB 2.0.x - 'template.php' Remote File Inclusion phpBB - BBRSS.php Remote File Inclusion phpBB - 'BBRSS.php' Remote File Inclusion eNpaper1 - Root_Header.php Remote File Inclusion eNpaper1 - 'Root_Header.php' Remote File Inclusion CrisoftRicette 1.0 - Cookbook.php Remote File Inclusion CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion MF Piadas 1.0 - admin.php Remote File Inclusion MF Piadas 1.0 - 'admin.php' Remote File Inclusion SiteBuilder-FX - top.php Remote File Inclusion SiteBuilder-FX - 'top.php' Remote File Inclusion Blog:CMS 4.1 - Thumb.php Remote File 
Inclusion Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion Extcalendar 2.0 - Extcalendar.php Remote File Inclusion Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion RW::Download - stats.php Remote File Inclusion RW::Download - 'stats.php' Remote File Inclusion PHP Event Calendar 1.4 - calendar.php Remote File Inclusion PHP Event Calendar 1.4 - 'calendar.php' Remote File Inclusion Forum 5 - pm.php Local File Inclusion Forum 5 - 'pm.php' Local File Inclusion Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion Prince Clan Chess Club 0.8 - Include.PCchess.php Remote File Inclusion Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion Bosdates 3.x/4.0 - Payment.php Remote File Inclusion Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion VWar 1.5 - war.php vwar_root Parameter Remote File Inclusion VWar 1.5 - member.php vwar_root Parameter Remote File Inclusion VWar 1.5 - calendar.php vwar_root Parameter Remote File Inclusion VWar 1.5 - challenge.php vwar_root Parameter Remote File Inclusion VWar 1.5 - joinus.php vwar_root Parameter Remote File Inclusion VWar 1.5 - news.php vwar_root Parameter Remote File Inclusion VWar 1.5 - stats.php vwar_root Parameter Remote File Inclusion VWar 1.5 - 'war.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'member.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'calendar.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'challenge.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'joinus.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'news.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'stats.php' vwar_root Parameter 
Remote File Inclusion Mafia Moblog 6 - Big.php Remote File Inclusion Mafia Moblog 6 - 'Big.php' Remote File Inclusion WEBinsta Mailing List Manager 1.3 - Install3.php Remote File Inclusion WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion Zen Cart Web Shopping Cart 1.x - autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion Jetbox CMS 2.1 - Search_function.php Remote File Inclusion Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion In-portal In-Link 2.3.4 - ADODB_DIR.php Remote File Inclusion In-portal In-Link 2.3.4 - 'ADODB_DIR.php' Remote File Inclusion PHP-Proxima 6.0 - BB_Smilies.php Local File Inclusion PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion WM-News 0.5 - print.php Local File Inclusion Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion WM-News 0.5 - 'print.php' Local File Inclusion Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion Exporia 0.3 - Common.php Remote File Inclusion Exporia 0.3 - 'Common.php' Remote File Inclusion My-BIC 0.6.5 - Mybic_Server.php Remote File Inclusion My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion Geotarget - script.php Remote File Inclusion Geotarget - 'script.php' Remote File Inclusion PHPSelect Web Development - index.php3 Remote File Inclusion PHPSelect Web Development - 'index.php3' Remote File Inclusion PHP Web Scripts Easy Banner - functions.php Remote File Inclusion PHP Web Scripts Easy Banner - 'functions.php' Remote File Inclusion PHP Polling Creator 1.03 - functions.inc.php Remote File Inclusion PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion Softerra PHP Developer Library 1.5.3 - Grid3.lib.php Remote File Inclusion BlueShoes Framework 4.6 - GoogleSearch.php Remote File Inclusion Tagit2b - DelTagUser.php Remote File Inclusion Softerra PHP Developer Library 1.5.3 - 
'Grid3.lib.php' Remote File Inclusion BlueShoes Framework 4.6 - 'GoogleSearch.php' Remote File Inclusion Tagit2b - 'DelTagUser.php' Remote File Inclusion CommunityPortals 1.0 - bug.php Remote File Inclusion CommunityPortals 1.0 - 'bug.php' Remote File Inclusion PHP TopSites FREE 1.022b - config.php Remote File Inclusion PHP TopSites FREE 1.022b - 'config.php' Remote File Inclusion Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion phpBB Add Name Module - Not_Mem.php Remote File Inclusion phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion RamaCMS - ADODB.Inc.php Remote File Inclusion H-Sphere Webshell 2.x - 'login.php' Cross-Site Scripting Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Lodel CMS 0.7.3 - Calcul-page.php Remote File Inclusion RamaCMS - 'ADODB.Inc.php' Remote File Inclusion H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting Mambo Module MOStlyCE 4.5.4 - 'HTMLTemplate.php' Remote File Inclusion Lodel CMS 0.7.3 - 'Calcul-page.php' Remote File Inclusion Maintain 3.0.0-RC2 - Example6.php Remote File Inclusion Maintain 3.0.0-RC2 - 'Example6.php' Remote File Inclusion Zorum 3.5 - DBProperty.php Remote File Inclusion Zorum 3.5 - 'DBProperty.php' Remote File Inclusion PHPMyConferences 8.0.2 - Init.php Remote File Inclusion PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion PHPTreeView 1.0 - TreeViewClass.php Remote File Inclusion PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion PLS-Bannieres 1.21 - Bannieres.php Remote File Inclusion PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion The Search Engine Project 0.942 - Configfunction.php Remote File Inclusion The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion NewP News Publishing System 1.0 - Class.Database.php 
Remote File Inclusion NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion @cid Stats 2.3 - Install.php3 Remote File Inclusion @cid Stats 2.3 - 'Install.php3' Remote File Inclusion PHPMyChat 0.14/0.15 - Languages.Lib.php Local File Inclusion PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion PHPdebug 1.1 - Debug_test.php Remote File Inclusion PHPdebug 1.1 - 'Debug_test.php' Remote File Inclusion eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion Easy Banner Pro 2.8 - info.php Remote File Inclusion Edit-X - Edit_Address.php Remote File Inclusion Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion Edit-X - 'Edit_Address.php' Remote File Inclusion OpenEMR 2.8.2 - Import_XML.php Remote File Inclusion OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion PHPProbid 5.24 - Lang.php Remote File Inclusion PHPProbid 5.24 - 'Lang.php' Remote File Inclusion MySQLNewsEngine - Affichearticles.php3 Remote File Inclusion MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion Meganoide's News 1.1.1 - Include.php Remote File Inclusion Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion Shop Kit Plus - StyleCSS.php Local File Inclusion Shop Kit Plus - 'StyleCSS.php' Local File Inclusion Pickle 0.3 - download.php Local File Inclusion Active Calendar 1.2 - showcode.php Local File Inclusion Pickle 0.3 - 'download.php' Local File Inclusion Active Calendar 1.2 - 'showcode.php' Local File Inclusion JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion Weekly Drawing Contest 0.0.1 - Check_Vote.php Local File Inclusion Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion WordPress < 2.1.2 - PHP_Self Cross-Site Scripting WordPress < 2.1.2 - 
'PHP_Self' Cross-Site Scripting Satel Lite - Satellite.php Local File Inclusion Satel Lite - 'Satellite.php' Local File Inclusion eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion MyNews 4.2.2 - Week_Events.php Remote File Inclusion MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion Actionpoll 1.1 - Actionpoll.php Remote File Inclusion Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion Actionpoll 1.1 - 'Actionpoll.php' Remote File Inclusion Fully Modded PHPBB2 - phpbb_root_path Remote File Inclusion Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion PHP Turbulence 0.0.1 - Turbulence.php Remote File Inclusion PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion Allfaclassifieds 6.04 - Level2.php Remote File Inclusion PHPMyBibli 1.32 - Init.Inc.php Remote File Inclusion Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion ACVSWS - Transport.php Remote File Inclusion ACVSWS - 'Transport.php' Remote File Inclusion Lms 1.5.x - RTMessageAdd.php Remote File Inclusion Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion MyNewsGroups 0.6 - Include.php Remote File Inclusion PHPMyTGP 1.4 - AddVIP.php Remote File Inclusion MyNewsGroups 0.6 - 'Include.php' Remote File Inclusion PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion Comus 2.0 - Accept.php Remote File Inclusion Comus 2.0 - 'Accept.php' Remote File Inclusion HTMLEditBox 2.2 - config.php Remote File Inclusion DynaTracker 1.5.1 - includes_handler.php base_path Remote File Inclusion DynaTracker 1.5.1 - action.php base_path Remote File Inclusion HTMLEditBox 2.2 - 'config.php' Remote File Inclusion DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion Doruk100Net - Info.php 
Remote File Inclusion Doruk100Net - 'Info.php' Remote File Inclusion PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion PHPSecurityAdmin 4.0.2 - 'Logout.php' Remote File Inclusion PHP Content Architect 0.9 pre 1.2 - MFA_Theme.php Remote File Inclusion PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion PHPHostBot 1.05 - Authorize.php Remote File Inclusion PHPHostBot 1.05 - 'Authorize.php' Remote File Inclusion PHMe 0.0.2 - Function_List.php Local File Inclusion PHMe 0.0.2 - 'Function_List.php' Local File Inclusion VietPHP - _functions.php dirpath Parameter Remote File Inclusion VietPHP - admin/index.php language Parameter Remote File Inclusion VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion VietPHP - 'admin/index.php' language Parameter Remote File Inclusion Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion Shoutbox 1.0 - Shoutbox.php Remote File Inclusion Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion Web News 1.1 - feed.php config[root_ordner] Parameter Remote File Inclusion Web News 1.1 - news.php config[root_ordner] Parameter Remote File Inclusion Lib2 PHP Library 0.2 - My_Statistics.php Remote File Inclusion Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion Dalai Forum 1.1 - forumreply.php Local File Inclusion Firesoft - Class_TPL.php Remote File Inclusion Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion Firesoft - 'Class_TPL.php' Remote File Inclusion PHP-Nuke 8.0 - autohtml.php Local File Inclusion PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion Content Builder 0.7.5 - postComment.php Remote File Inclusion Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion Jeebles Technology Jeebles Directory 2.9.60 - download.php 
Local File Inclusion Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion Galmeta Post 0.2 - Upload_Config.php Remote File Inclusion Galmeta Post 0.2 - 'Upload_Config.php' Remote File Inclusion MyBlog 1.x - Games.php ID Remote File Inclusion MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion PHPMyTourney 2 - tourney/index.php Remote File Inclusion PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - create_forum.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - create_user.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - delete_notes.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - delete_user.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - edit_forum.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - mail_users.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - moderate_notes.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - reorder_forums.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'delete_notes.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'delete_user.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'edit_forum.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'mail_users.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'moderate_notes.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion XOOPS 2.0.18 - 
modules/system/admin.php fct Parameter Traversal Local File Inclusion XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting C99 Shell - 'c99.php' Authentication Bypass C99Shell (Web Shell) - 'c99.php' Authentication Bypass W-Agora 4.2.1 - search.php3 bn Parameter Traversal Local File Inclusion W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' Remote PHP Code Execution Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution MySQLDumper 1.24.4 - 'menu.php' Remote PHP Code Execution MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution Zend Framework 2.4.2 - XML eXternal Entity Injection (XXE) on PHP FPM Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection Nuts CMS - Remote PHP Code Injection / Execution Nuts CMS - PHP Remote Code Injection / Execution WordPress Plugin WP Super Cache - Remote PHP Code Execution WordPress Plugin WP Super Cache - PHP Remote Code Execution b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials 
Remote SYSTEM Code Execution ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution Apache - HTTP OPTIONS Memory Leak Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak Foodspotting Clone 1.0 - SQL Injection iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection Tecnovision DLX Spot - Authentication Bypass Tecnovision DLX Spot - Arbitrary File Upload |
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).