A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
18f707fb94
24 new exploits Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) Serendipity 0.8beta4 - exit.php SQL Injection S9Y Serendipity 0.8beta4 - exit.php SQL Injection CBSms Mambo Module 1.0 - Remote File Inclusion Pearl For Mambo 1.6 - Multiple Remote File Inclusion Mambo Module CBSms 1.0 - Remote File Inclusion Mambo Component Pearl 1.6 - Multiple Remote File Inclusion galleria Mambo Module 1.0b - Remote File Inclusion Mambo Module galleria 1.0b - Remote File Inclusion SimpleBoard Mambo Component 1.1.0 - Remote File Inclusion com_forum Mambo Component 1.2.4RC3 - Remote File Inclusion Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion com_videodb Mambo Component 0.3en - Remote File Inclusion SMF Forum Mambo Component 1.3.1.3 - Include com_extcalendar Mambo Component 2.0 - Include com_loudmouth Mambo Component 4.0j - Include pc_cookbook Mambo Component 0.3 - Include perForms Mambo Component 1.0 - Remote File Inclusion com_hashcash Mambo Component 1.2.1 - Include HTMLArea3 Mambo Module 1.5 - Remote File Inclusion Sitemap Mambo Component 2.0.0 - Remote File Inclusion pollxt Mambo Component 1.22.07 - Remote File Inclusion MiniBB Mambo Component 1.5a - Remote File Inclusion Mambo Component com_videodb 0.3en - Remote File Inclusion Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Mambo Component pc_cookbook 0.3 - Remote File Inclusion Mambo Component perForms 1.0 - Remote File Inclusion Mambo Component com_hashcash 1.2.1 - Remote File Inclusion Mambo Module HTMLArea3 1.5 - Remote File Inclusion Mambo Component Sitemap 2.0.0 - Remote File Inclusion Mambo Component pollxt 1.22.07 - Remote File Inclusion Mambo Component MiniBB 1.5a - Remote File Inclusion MoSpray Mambo Component 18RC1 - Remote File Inclusion Mambo Component MoSpray 18RC1 - Remote File Inclusion Mam-Moodle Mambo Component alpha - Remote File Inclusion Mambo Component Mam-Moodle alpha - Remote File Inclusion multibanners Mambo Component 1.0.1 - Remote File Inclusion Mambo Component multibanners 1.0.1 - Remote File Inclusion PrinceClan Chess Mambo Com 0.8 - Remote File Inclusion Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion a6mambohelpdesk Mambo Component 18RC1 - Include Mambo Component 'com_a6mambohelpdesk' 18RC1 - Remote File Inclusion Mambo Security Images Component 3.0.5 - Inclusion Mambo MGM Component 0.95r2 - Remote File Inclusion Mambo Colophon Component 1.2 - Remote File Inclusion Mambo mambatStaff Component 3.1b - Remote File Inclusion Mambo Component Security Images 3.0.5 - Inclusion Mambo Component MGM 0.95r2 - Remote File Inclusion Mambo Component 'com_colophon' 1.2 - Remote File Inclusion Mambo Component mambatStaff 3.1b - Remote File Inclusion Mambo User Home Pages Component 0.5 - Remote File Inclusion Mambo Component User Home Pages 0.5 - Remote File Inclusion Mambo Remository Component 3.25 - Remote File Inclusion Mambo Component Remository 3.25 - Remote File Inclusion Mambo mmp Component 1.2 - Remote File Inclusion Mambo Component MMP 1.2 - Remote File Inclusion Mambo Peoplebook Component 1.0 - Remote File Inclusion Mambo Component Peoplebook 1.0 - Remote File Inclusion Mambo CopperminePhotoGalery Component - Remote File Inclusion Mambo Component CopperminePhotoGalery - Remote File Inclusion Mambo mambelfish Component 1.1 - Remote File Inclusion Mambo Component mambelfish 1.1 - Remote File Inclusion Mambo phpShop Component 1.2 RC2b - File Inclusion Mambo a6mambocredits Component 1.0.0 - File Inclusion Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion Mambo MamboWiki Component 0.9.6 - Remote File Inclusion Mambo Component MamboWiki 0.9.6 - Remote File Inclusion Mambo cropimage Component 1.0 - Remote File Inclusion Mambo Component cropimage 1.0 - Remote File Inclusion Mambo com_lurm_constructor Component 0.6b - Include Mambo Component com_lurm_constructor 0.6b - Remote File Inclusion mambo com_babackup Component 1.1 - File Inclusion Mambo Component com_babackup 1.1 - File Inclusion Mambo com_serverstat Component 0.4.4 - File Inclusion Mambo Component com_serverstat 0.4.4 - File Inclusion Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Include Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion Mambo com_registration_detailed 4.1 - Remote File Inclusion Mambo Component com_registration_detailed 4.1 - Remote File Inclusion MambWeather Mambo Module 1.8.1 - Remote File Inclusion Mambo Module MambWeather 1.8.1 - Remote File Inclusion com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure Serendipity 1.0.3 - 'comment.php' Local File Inclusion S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion Hewlett-Packard FTP Print Server 2.4.5 - Buffer Overflow (PoC) Hewlett-Packard (HP) FTP Print Server 2.4.5 - Buffer Overflow (PoC) mambo Component nfnaddressbook 0.4 - Remote File Inclusion Mambo Component nfnaddressbook 0.4 - Remote File Inclusion Joomla! / Mambo Component SWmenuFree 4.0 - Remote File Inclusion Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion Irfanview 3.99 - '.ani' Local Buffer Overflow (1) IrfanView 3.99 - '.ani' Local Buffer Overflow (1) Irfanview 3.99 - '.ani' Local Buffer Overflow (2) IrfanView 3.99 - '.ani' Local Buffer Overflow (2) Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion Joomla! / Mambo Component article 1.1 - Remote File Inclusion Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion Irfanview 4.00 - '.iff' Buffer Overflow IrfanView 4.00 - '.iff' Buffer Overflow Mambo com_yanc 1.4 Beta - 'id' SQL Injection Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection Irfanview 4.10 - '.fpx' Memory Corruption IrfanView 4.10 - '.fpx' Memory Corruption Mambo 4.5 'com_newsletter' - 'listid' Parameter SQL Injection Mambo 'com_fq' - 'listid' Parameter SQL Injection Mambo 'com_mamml' - 'listid' Parameter SQL Injection Mambo Component Glossary 2.0 - 'catid' SQL Injection Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Mambo Component 'com_fq' - 'listid' Parameter SQL Injection Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection Mambo Component AkoGallery 2.5b - SQL Injection Mambo Component Catalogshop 1.0b1 - SQL Injection Mambo Component 'com_akogallery' 2.5b - SQL Injection Mambo Component 'com_catalogshop' 1.0b1 - SQL Injection Mambo Component Awesom 0.3.2 - (listid) SQL Injection Mambo Component 'com_awesom' 0.3.2 - (listid) SQL Injection Mambo Component Portfolio 1.0 - 'categoryId' SQL Injection Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection Mambo Component accombo 1.x - 'id' SQL Injection Mambo Component 'com_accombo' 1.x - 'id' SQL Injection Mambo Component ahsShop 1.51 - (vara) SQL Injection Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection Mambo Component Galleries 1.0 - (aid) SQL Injection Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection Mambo 4.6.4 - (Output.php) Remote File Inclusion Mambo 4.6.4 - 'Output.php' Remote File Inclusion Mambo Component Articles - (artid) Blind SQL Injection Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection Mambo Component n-gallery - Multiple SQL Injections Mambo Component 'com_n-gallery' - Multiple SQL Injections Irfanview 3.99 - IFF File Local Stack Buffer Overflow IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow Mambo Component n-form - (form_id) Blind SQL Injection Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection Mambo com_sim 0.8 - Blind SQL Injection Mambo Component 'com_sim' 0.8 - Blind SQL Injection Mambo Component com_hestar - SQL Injection Mambo Component 'com_hestar' - SQL Injection Mambo com_koesubmit 1.0.0 - Remote File Inclusion Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion Joomla! / Mambo Component Tupinambis - SQL Injection Joomla! / Mambo Component 'com_tupinambis' - SQL Injection Joomla! / Mambo Component com_ezine 2.1 - Remote File Inclusion Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion Mambo Component Material Suche 1.0 - SQL Injection Mambo Component 'com_materialsuche' 1.0 - SQL Injection Mambo com_akogallery - SQL Injection Mambo Component 'com_akogallery' - SQL Injection Mambo Component com_acnews - [id] SQL Injection Mambo Component 'com_acnews' - 'id' Parameter SQL Injection Mambo Component com_mambads - SQL Injection Mambo Component 'com_mambads' - SQL Injection Rumba ftp Client 4.2 - PASV Buffer Overflow (SEH) Rumba FTP Client 4.2 - PASV Buffer Overflow (SEH) Serendipity 1.5.4 - Arbitrary File Upload S9Y Serendipity 1.5.4 - Arbitrary File Upload Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service Irfanview 4.28 - Multiple Denial of Service Vulnerabilities IrfanView 4.28 - Multiple Denial of Service Vulnerabilities Irfanview 4.28 - ICO With Transparent Colour Denial of Service & RDenial of Service Irfanview 4.28 - ICO Without Transparent Colour Denial of Service & RDenial of Service IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service PCMan FTP Server Buffer Overflow - PUT Command (Metasploit) PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit) Mambo CMS 4.6.x - (4.6.5) SQL Injection Mambo 4.6.x < 4.6.5 - SQL Injection Mambo CMS 4.x - (Zorder) SQL Injection Mambo 4.x - 'Zorder' SQL Injection Irfanview - '.tiff' Image Processing Buffer Overflow IrfanView - '.tiff' Image Processing Buffer Overflow Irfanview FlashPix PlugIn - Double-Free IrfanView FlashPix PlugIn - Double-Free Irfanview FlashPix PlugIn - Decompression Heap Overflow IrfanView FlashPix PlugIn - Decompression Heap Overflow Serendipity 1.6 - Backend Cross-Site Scripting / SQL Injection S9Y Serendipity 1.6 - (Backend) Cross-Site Scripting / SQL Injection Irfanview 4.33 - Format PlugIn ECW Decompression Heap Overflow IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow Irfanview 4.33 - Format PlugIn TTF File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow Irfanview 4.33 - '.DJVU' Image Processing Heap Overflow IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow Irfanview JLS Formats PlugIn - Heap Overflow IrfanView JLS Formats PlugIn - Heap Overflow Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit) IrfanView JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit) Irfan Skiljan IrfanView32 3.0.7 - Image File Buffer Overflow IrfanView32 3.0.7 - Image File Buffer Overflow Joomla! Component Event Booking 2.10.1 - SQL Injection Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla! Component 'com_videogallerylite' 1.0.9 - SQL Injection Irfanview - '.RLE' Image Decompression Buffer Overflow Irfanview - '.TIF' Image Decompression Buffer Overflow IrfanView - '.RLE' Image Decompression Buffer Overflow IrfanView - '.TIF' Image Decompression Buffer Overflow Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution Serendipity 0.x - exit.php HTTP Response Splitting S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH) freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow Joomla! Component VirtueMart 2.0.22a - SQL Injection Joomla! Component 'com_virtuemart' 2.0.22a - SQL Injection phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion Calendar Module 1.5.7 For Mambo - Com_Calendar.php Remote File Inclusion Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit) Irfanview 3.98 - '.ANI' Image File Denial of Service IrfanView 3.98 - '.ANI' Image File Denial of Service Reporter 1.0 Mambo Component - Reporter.sql.php Remote File Inclusion Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion Mambo LMTG Myhomepage 1.2 Component - Multiple Remote File Inclusion Mambo Rssxt Component 1.0 - MosConfig_absolute_path Multiple Remote File Inclusion Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion Mambo Display MOSBot Manager Component - MosConfig_absolute_path Remote File Inclusion Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion Mambo EstateAgent 1.0.2 Component - MosConfig_absolute_path Remote File Inclusion Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion Joomla! / Mambo Component Com_comprofiler 1.0 - class.php Remote File Inclusion Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion Hewlett-Packard 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Mambo MostlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Irfanview 3.99 - Multiple BMP Denial of Service Vulnerabilities IrfanView 3.99 - Multiple .BMP Denial of Service Vulnerabilities Joomla! / Mambo Component Mod_Forum - PHPBB_Root.php Remote File Inclusion Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting S9Y Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting Joomla! Extension Komento 1.7.2 - Persistent Cross-Site Scripting Joomla! Extension JV Comment 3.0.2 - (index.php id Parameter) SQL Injection Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection Joomla! / Mambo Component com_filebase - 'filecatid' Parameter SQL Injection Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow Joomla! Component JomSocial 2.6 - Code Execution Joomla! Component 'com_community' 2.6 - Code Execution Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities S9Y Serendipity 1.7.5 - (Backend) Multiple Vulnerabilities Joomla! / Mambo Component Joomlaearn Lms - 'cat' Parameter SQL Injection Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection Joomla! Component YouTube Gallery - SQL Injection Joomla! Component 'com_youtubegallery' - SQL Injection Joomla! Component Spider Form Maker 3.4 - SQL Injection Joomla! Component 'com_formmaker' 3.4 - SQL Injection Joomla! Component Spider Calendar 3.2.6 - SQL Injection Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection Joomla! Component Spider Contacts 1.3.6 - (index.php contacts_id Parameter)SQL Injection Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection Joomla! Component Face Gallery 1.0 - Multiple Vulnerabilities Joomla! Component Mac Gallery 1.5 - Arbitrary File Download Joomla! Component 'com_facegallery' 1.0 - Multiple Vulnerabilities Joomla! Component 'com_macgallery' 1.5 - Arbitrary File Download Joomla! Component HD FLV Player < 2.1.0.1 - SQL Injection Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - SQL Injection Joomla! Component HD FLV Player < 2.1.0.1 - Arbitrary File Download Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download Mambo - 'com_docman' 1.3.0 Component Multiple SQL Injection Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting Mambo CMS 4.6.x - Multiple Cross-Site Scripting Vulnerabilities Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities Hewlett-Packard UCMDB - JMX-Console Authentication Bypass Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery Serendipity 1.5.1 - 'research_display.php' SQL Injection S9Y Serendipity 1.5.1 - 'research_display.php' SQL Injection Mambo CMS N-Skyrslur - Cross-Site Scripting Mambo Component 'com_n-skyrslur' - Cross-Site Scripting Mambo CMS N-Gallery Component - SQL Injection Mambo CMS AHS Shop Component - SQL Injection Mambo Component 'com_n-gallery' - SQL Injection Mambo Component 'com_ahsshop' - SQL Injection Mambo CMS N-Press Component - SQL Injection Mambo Component 'com_n-press' - SQL Injection Mambo CMS N-Frettir Component - SQL Injection Mambo CMS N-Myndir Component - SQL Injection Mambo Component 'com_n-frettir' - SQL Injection Mambo Component 'com_n-myndir' - SQL Injection Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting Joomla! Component Simple Photo Gallery 1.0 - Arbitrary File Upload Joomla! Component 'com_simplephotogallery' 1.0 - Arbitrary File Upload Joomla! Component Simple Photo Gallery 1.0 - SQL Injection Joomla! Component 'com_simplephotogallery' 1.0 - SQL Injection Joomla! Plugin eCommerce-WD 1.2.5 - SQL Injection Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection Joomla! Component Spider FAQ - SQL Injection Joomla! Component 'com_spiderfaq' - SQL Injection Joomla! Component Gallery WD - SQL Injection Joomla! Component Contact Form Maker 1.0.1 - SQL Injection Joomla! Component 'com_gallery_wd' - SQL Injection Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection Joomla! Component Spider Random Article - SQL Injection Joomla! Component 'com_rand' - SQL Injection Joomla! Component SimpleImageUpload - Arbitrary File Upload Joomla! Component 'com_simpleimageupload' - Arbitrary File Upload Joomla! Component DOCman - Multiple Vulnerabilities Joomla! Component 'com_docman' - Multiple Vulnerabilities Joomla! Plugin Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities PCMan FTP Server 2.0.7 - PUT Command Buffer Overflow PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow Joomla! Component Event Manager 2.1.4 - Multiple Vulnerabilities Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection Joomla! Component 'com_memorix' - SQL Injection Joomla! Component 'com_informations' - SQL Injection PCMan FTP Server 2.0.7 - GET Command Buffer Overflow PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow Joomla! Component Real Estate Manager 3.7 - SQL Injection Joomla! Component 'com_realestatemanager' 3.7 - SQL Injection Joomla! Extension Realtyna RPL 8.9.2 - Multiple SQL Injections Joomla! Extension Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component JNews (com_jnews) 8.5.1 - SQL Injection Joomla! Component 'com_jnews' 8.5.1 - SQL Injection Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting Joomla! Component JVideoClip - 'uid' Parameter SQL Injection Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection Joomla! Component Content History - SQL Injection / Remote Code Execution (Metasploit) Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit) Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload Joomla! Component Aclsfgpl - 'index.php' Arbitrary File Upload Joomla! Component 'com_aclsfgpl' - 'index.php' Arbitrary File Upload Joomla! Component Wire Immogest - 'index.php' SQL Injection Joomla! Component 'com_wire_immogest' - 'index.php' SQL Injection Joomla! Component Almond Classifieds - Arbitrary File Upload Joomla! Component 'com_aclassfb' - Arbitrary File Upload Joomla! Extension Sexy Polling - 'answer_id' Parameter SQL Injection Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution Joomla! Plugin Projoom NovaSFH - 'upload.php' Arbitrary File Upload Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload Joomla! Component Inneradmission - 'index.php' SQL Injection Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection Joomla! Extension Spider Video Player - 'theme' Parameter SQL Injection Joomla! Component 'spidervideoplayer' - 'theme' Parameter SQL Injection Joomla! Extension JSN Poweradmin 2.3.0 - Multiple Vulnerabilities Joomla! Component 'com_poweradmin' 2.3.0 - Multiple Vulnerabilities Joomla! Component Easy YouTube Gallery 1.0.2 - SQL Injection Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit) Joomla! Extension SecurityCheck 2.8.9 - Multiple Vulnerabilities Joomla! Component 'SecurityCheck' 2.8.9 - Multiple Vulnerabilities Joomla! Extension PayPlans (com_payplans) 3.3.6 - SQL Injection Joomla! Component 'com_payplans' 3.3.6 - SQL Injection Joomla! Component En Masse (com_enmasse) 5.1 < 6.4 - SQL Injection Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection Joomla! Component BT Media (com_bt_media) - SQL Injection Joomla! Component 'com_bt_media' - SQL Injection Joomla! Component Publisher Pro (com_publisher) - SQL Injection Joomla! Component 'com_publisher' - SQL Injection Joomla! Component Guru Pro (com_guru) - SQL Injection PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit) Joomla! Component 'com_guru' - SQL Injection PCMAN FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit) Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) freeFTPd 1.0.8 - 'mkd' Command Denial Of Service Micro Focus Rumba 9.4 - Local Denial Of Service Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow S9Y Serendipity 2.0.4 - Cross-Site Scripting Rumba FTP Client 4.x - Stack buffer overflow (SEH) Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free OS X/iOS Kernel - IOSurface Use-After-Free OS X/iOS - mach_ports_register Multiple Memory Safety Issues NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d NVIDIA Driver - No Bounds Checking in Escape 0x7000194 NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation NVIDIA Driver - Escape 0x100010b Missing Bounds Check NVIDIA Driver - No Bounds Checking in Escape 0x7000170 NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027 NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2 NVIDIA Driver - Missing Bounds Check in Escape 0x100009a NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5 NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014 NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9 MacOS 10.12 - 'task_t' Privilege Escalation PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow |
||
|---|---|---|
| platforms | ||
| files.csv | ||
| README.md | ||
| searchsploit | ||
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).