Repository contents: platforms, files.csv, README.md, searchsploit
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
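To make the matching rules from the help screen and Notes above concrete, here is an added Python re-implementation of them over a small files.csv-style sample (example code, not part of this repository or of searchsploit itself). The id,file,description column layout and the reading of "-e" as a single-phrase match are assumptions; the titles and paths are the ones listed by the "searchsploit afd windows local" run above.

```python
import csv
import io

# Path prefix shown in the README's searchsploit output.
PLATFORMS_DIR = "/usr/share/exploitdb/platforms"

# Constructed excerpt in files.csv style. The column layout (id,file,description)
# is an assumption; titles and paths are those printed by `searchsploit afd windows local`.
SAMPLE_FILES_CSV = """id,file,description
17133,windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
18755,windows/dos/18755.c,Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)
6757,windows/local/6757.txt,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
18176,windows/local/18176.py,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
21844,windows/local/21844.rb,Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)
39446,win_x86/local/39446.py,Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
39525,win_x86-64/local/39525.py,Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
40564,win_x86/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
"""


def load_rows(text):
    """Parse files.csv-style text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def row_matches(row, terms, title_only=False, case_sensitive=False, exact=False):
    """Apply the rules from the Notes section to one row.

    default        : every term must occur (AND) in the title OR the file path,
                     case-insensitively, in any order
    title_only (-t): the file path is excluded from the haystack
    case_sensitive (-c): no lower-casing of haystack or terms
    exact (-e)     : the terms are joined into one phrase and matched against the
                     title only (the help says -e implies -t). Treating "EXACT
                     match" as a phrase match is an assumption of this example.
    """
    if exact:
        title_only = True
    haystack = row["description"]
    if not title_only:
        haystack += " " + row["file"]
    if not case_sensitive:
        haystack = haystack.lower()
        terms = [t.lower() for t in terms]
    if exact:
        return " ".join(terms) in haystack
    return all(t in haystack for t in terms)


def search(rows, terms, **opts):
    """Return the rows that satisfy every search term under the given options."""
    return [r for r in rows if row_matches(r, terms, **opts)]


def render(row, mode="path"):
    """Render one hit the way the corresponding searchsploit option would:
    relative path (default), EDB-ID (--id), Exploit-DB URL (--www) or full path (-p)."""
    if mode == "id":
        return row["id"]
    if mode == "www":
        return f"https://www.exploit-db.com/exploits/{row['id']}/"
    if mode == "fullpath":
        return f"{PLATFORMS_DIR}/{row['file']}"
    return row["file"]


def searchsploit_like(terms, mode="path", **opts):
    """Search the constructed sample and render each hit; opts are the -t/-c/-e flags."""
    rows = load_rows(SAMPLE_FILES_CSV)
    return [render(r, mode) for r in search(rows, terms, **opts)]


if __name__ == "__main__":
    # Same query as the README session: all eight rows match in default mode,
    # because "local" is found in the path for rows whose title lacks it.
    for hit in searchsploit_like(["afd", "windows", "local"]):
        print(hit)
    # With -t only the two titles that actually contain "Local" remain.
    print(searchsploit_like(["afd", "windows", "local"], mode="id", title_only=True))
```

Running it shows why the Notes recommend "-t" to cut false positives: the same three terms return eight hits against title plus path but only two against the title alone.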
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).