A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 2170122160 DB: 2017-06-14
7 new exploits

MyServer 0.7.1 - (POST) Denial of Service
MyServer 0.7.1 - 'POST' Denial of Service

Foxmail 2.0 - (MAIL FROM:) Denial of Service
Foxmail 2.0 - 'MAIL FROM:' Denial of Service

Nokia Symbian 60 - (BlueTooth Nickname) Remote Restart (2)
Nokia Symbian 60 - 'BlueTooth Nickname' Remote Restart (2)
Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop Denial of Service
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - 'isis_print' Infinite Loop Denial of Service

Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service
Ethereal 0.10.10 - 'dissect_ipc_state' Remote Denial of Service
phpBB 2.0.15 - Register Multiple Users Denial of Service (Perl)
phpBB 2.0.15 - Register Multiple Users Denial of Service (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)

Stream / Raped (Windows) - Denial of Service Attack
Stream / Raped (Windows) - Denial of Service
Ipswitch WS_FTP Server 5.03 - (RNFR) Buffer Overflow
Mercury/32 Mail Server 4.01a - (check) Buffer Overflow
Golden FTP Server Pro 2.52 - (USER) Remote Buffer Overflow
Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow
Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow
GTChat 0.95 Alpha - (adduser) Remote Denial of Service
Inframail Advantage Server Edition 6.0 < 6.37 - 'SMTP' Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - 'FTP' Buffer Overflow
GTChat 0.95 Alpha - 'adduser' Remote Denial of Service

P2P Pro 1.0 - (command) Denial of Service
P2P Pro 1.0 - 'command' Denial of Service

Mozilla Products - (Host:) Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow Denial of Service String

Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service
Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service

RBExplorer 1.0 - (Hijacking Command) Denial of Service
RBExplorer 1.0 - Hijacking Command Denial of Service

Freeciv 2.0.7 - (Jumbo Malloc) Denial of Service Crash
Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)
XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)
XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)

Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash
Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)

Macromedia Flash 9 - (IE Plugin) Remote Denial of Service Crash
Macromedia Flash 9 - (IE Plugin) Remote Crash (Denial of Service)

AIDeX Mini-WebServer 1.1 - Remote Denial of Service Crash
AIDeX Mini-WebServer 1.1 - Remote Crash (Denial of Service)

Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free
Microsoft Windows - 'Csrss.exe/winsrv.dll' NtRaiseHardError Double-Free

Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Denial of Service Hang / Crash
Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service)

Half-Life CSTRIKE Server 1.6 - Denial of Service (no-steam)
Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service

AyeView 2.20 - (malformed gif image) Local Crash
AyeView 2.20 - Malformed .GIF Image Local Crash

Microsoft Windows - '.chm' Denial of Service (HTML compiled)
Microsoft Windows - '.chm' Denial of Service (HTML Compiled)

Winamp 5.541 - '.mp3'/'.aiff' Multiple Denial of Services
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities

Multiple HTTP Server - Low Bandwidth Denial of Service (slowloris.pl)
Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service

Google Picasa 3.5 - Local Denial of Service Buffer Overflow
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)

3Com OfficeConnect Routers - (Content-Type) Denial of Service
3Com OfficeConnect Routers - 'Content-Type' Denial of Service

VSO Medoa Player 1.0.2.2 - Local Denial of Services (PoC)
VSO Medoa Player 1.0.2.2 - Local Denial of Service (PoC)

QtWeb 3.0 - Remote Denial of Service/Crash
QtWeb 3.0 - Remote Crash (Denial of Service)

NovaPlayer 1.0 - '.mp3' Local Denial of Service (2)
NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2)

Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash
Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service)

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash SEH (PoC)
eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash (SEH) (PoC)

Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash)
Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)

Optimal Archive 1.38 - '.zip' SEH (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
MovieLibrary 1.4.401 - Local Denial of Service (.dmv)
Book Library 1.4.162 - Local Denial of Service (.bkd)
MovieLibrary 1.4.401 - '.dmv' Local Denial of Service
Book Library 1.4.162 - '.bkd' Local Denial of Service

Huawei EchoLife HG520c - Denial of Service / Modem Reset
Huawei EchoLife HG520c - Modem Reset (Denial of Service)

CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death)
CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service)

QtWeb 3.3 - Remote Denial of Service/Crash
QtWeb 3.3 - Remote Crash (Denial of Service)

Subtitle Translation Wizard 3.0.0 - SEH (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)

Opera - Denial of Service by canvas Element
Opera - Canvas Element (Denial of Service)

Microsoft IIS 6.0 - ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)
Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)

HP Data Protector Manager 6.11 - Remote Denial of Service in RDS Service
HP Data Protector Manager 6.11 - RDS Service Remote Denial of Service

FreeBSD 8.0 - Local Denial of Service (Forced Reboot)
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)

Hanso Player 1.4.0.0 - Buffer Overflow Denial of Service Skinfile
Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)

CiscoKits 1.0 - TFTP Server Denial of Service (Write command)
CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service

Apache - Remote Denial of Service (Memory Exhaustion)
Apache - Remote Memory Exhaustion (Denial of Service)

TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file Corruption)
TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption

BlueZone Desktop Multiple - Malformed files Local Denial of Service Vulnerabilities
BlueZone Desktop Multiple - Malformed Files Local Denial of Service Vulnerabilities

NJStar Communicator MiniSmtp - Buffer Overflow [ASLR Bypass]
NJStar Communicator MiniSmtp - Buffer Overflow (ASLR Bypass)

Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)

Qutecom SoftPhone 2.2.1 - Heap Overflow Denial of Service/Crash (PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)

Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack
Network Associates Gauntlet Firewall 5.0 - Denial of Service
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (2)

Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service Attack
Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service

Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service Attack
Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service

(Linux Kernel) ReiserFS 3.5.28 - Denial of Service (Possible Code Execution)
(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service

Winlog Lite SCADA HMI system - SEH 0verwrite
Winlog Lite SCADA HMI system - (SEH) Overwrite

FL Studio 10 Producer Edition - SEH Based Buffer Overflow (PoC)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)

OptiSoft Blubster 2.5 - Remote Denial of Service Attack
OptiSoft Blubster 2.5 - Remote Denial of Service

ChatZilla 0.8.23 - Remote Denial of Service Attack
ChatZilla 0.8.23 - Remote Denial of Service

ACDSee 9.0 Photo Manager - Multiple BMP Denial of Service Vulnerabilities
ACDSee 9.0 Photo Manager - Multiple '.BMP' Denial of Service Vulnerabilities

Motorola SBG6580 Cable Modem & Wireless Router - Denial of Service Reboot
Motorola SBG6580 Cable Modem & Wireless Router - Reboot (Denial of Service)

Unreal Tournament 3 - Denial of Service / Memory Corruption
Unreal Tournament 3 - Memory Corruption (Denial of Service)

Gold MP4 Player 3.3 - Universal SEH Exploit (Metasploit)
Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit)

Jzip - SEH Unicode Buffer Overflow (Denial of Service)
Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow (PoC)
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)

Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue
Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities

NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite

JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)

Mediacoder 0.8.33 build 5680 - Buffer Overflow (SEH) Denial of Service (.lst)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service

i.FTP 2.21 - SEH Overflow Crash (PoC)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)

Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' Denial of service (Crush Application)
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)

Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service/Elevation of Privilege (MS15-111)
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)

Sam Spade 1.14 - S-Lang Command Field SEH Overflow
Sam Spade 1.14 - S-Lang Command Field Overflow (SEH)

SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow
SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field Overflow (SEH)

Network Scanner 4.0.0.0 - SEH Crash (PoC)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)

Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service

i.FTP 2.21 - Host Address / URL Field SEH Exploit
i.FTP 2.21 - Host Address / URL Field (SEH)

Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking

Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)
Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)

Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit
Microsoft Windows - 'keybd_event' Local Privilege Escalation

Microsoft Vista - (NtRaiseHardError) Privilege Escalation
Microsoft Vista - 'NtRaiseHardError' Privilege Escalation

Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation
Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Escalation

eTrust AntiVirus Agent r8 - Local Privilege Elevation Exploit
eTrust AntiVirus Agent r8 - Local Privilege Escalation

WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC)
WinPcap 4.0 - 'NPF.SYS' Privilege Escalation (PoC)

IntelliTamper (2.07/2.08) - Language Catalog SEH Overflow
IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH)

WINMOD 1.4 - '.lst' Local Stack Overflow XP SP3 (RET + SEH) (3)
WINMOD 1.4 - '.lst' File Local Stack Overflow XP SP3 (RET + SEH) (3)

CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)

DJ Studio Pro 5.1.6.5.2 - SEH Exploit
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit

Winamp 5.572 - SEH Exploit
Winamp 5.572 - (SEH) Exploit

Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow
Orbital Viewer 1.04 - '.orb' File Local Universal Overflow (SEH)

ZipScan 2.2c - SEH Exploit
ZipScan 2.2c - (SEH) Exploit
ZipCentral - '.zip' SEH Exploit
eZip Wizard 3.0 - '.zip' SEH Exploit
ZipCentral - '.zip' File (SEH)
eZip Wizard 3.0 - '.zip' File (SEH)

PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass)

Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)

ZipWrangler 1.20 - '.zip' SEH Exploit
ZipWrangler 1.20 - '.zip' File (SEH)

Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit
Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH)

Mediacoder 0.7.3.4672 - SEH Exploit
Mediacoder 0.7.3.4672 - (SEH) Exploit

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (1)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (1)

Castripper 2.50.70 - '.pls' Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP & SEH DEP Bypass)
BlazeDVD 5.1 - '.plf' File Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass)

BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow

RM Downloader 3.1.3 - Local SEH Exploit (Windows 7 ASLR + DEP Bypass)
RM Downloader 3.1.3 (Windows 7) - Local ASLR + DEP Bypass (SEH)

ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)

A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit
A-PDF WAV to MP3 1.0.0 - Universal Local (SEH)

Acoustica MP3 Audio Mixer 2.471 - Extended M3U directives SEH Exploit
Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - SEH Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - SEH Exploit
iworkstation 9.3.2.1.4 - (SEH) Exploit
Quick Player 1.3 - Unicode SEH Exploit
AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit
Quick Player 1.3 - Unicode (SEH)
AudioTran 1.4.2.4 - (SafeSEH + SEHOP) Exploit

Microsoft Windows Vista/7 - Elevation of Privileges (UAC Bypass)
Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass)

Nokia MultiMedia Player 1.0 - SEH Unicode Exploit
Nokia MultiMedia Player 1.0 - (SEH Unicode)

WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass)
WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass)

Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit)
Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit)

POP Peeper 3.7 - SEH Exploit
POP Peeper 3.7 - (SEH) Exploit

MPlayer Lite r33064 - '.m3u' SEH Overflow
MPlayer Lite r33064 - '.m3u' Overflow (SEH)

Wireshark 1.4.1 < 1.4.4 - SEH Overflow
Wireshark 1.4.1 < 1.4.4 - Overflow (SEH)

Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow
Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode)

Subtitle Processor 7.7.1 - '.m3u' SEH Unicode Buffer Overflow (Metasploit)
Subtitle Processor 7.7.1 - '.m3u' File Buffer Overflow (SEH Unicode) (Metasploit)

The KMPlayer 3.0.0.1440 - '.mp3' Buffer Overflow (Windows XP SP3 DEP Bypass)
The KMPlayer 3.0.0.1440 - '.mp3' File Buffer Overflow (Windows XP SP3 DEP Bypass)

MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)
MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass)

DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass Exploit
DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass

MY MP3 Player 3.0 - '.m3u' Exploit DEP Bypass
MY MP3 Player 3.0 - '.m3u' DEP Bypass

TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion
TORCS 1.3.2 - '.xml' File Buffer Overflow /SafeSEH Evasion

DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)

BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass)

Corel Linux OS 1.0 - Denial of Serviceemu Distribution Configuration
Corel Linux OS 1.0 - Dosemu Distribution Configuration

MyMp3 Player Stack - '.m3u' DEP Bypass
MyMp3 Player Stack - '.m3u' File DEP Bypass

CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode)
CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Elevation
Microsoft IIS 5.0 - In-Process Table Privilege Elevation
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 5.0 - In-Process Table Privilege Escalation

Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation
Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

Huawei Technologies Internet Mobile - Unicode SEH Exploit
Huawei Technologies Internet Mobile - Unicode (SEH)

MySQL (Linux) - Database Privilege Elevation Exploit
MySQL (Linux) - Database Privilege Escalation

Man Utility 2.3.19 - Local Compression Program Privilege Elevation
Man Utility 2.3.19 - Local Compression Program Privilege Escalation

BlazeDVD 6.1 - PLF Exploit DEP/ASLR Bypass (Metasploit)
BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit)

BOINC Manager (Seti@home) 7.0.64 - Field SEH based Buffer Overflow
BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)

Static HTTP Server 1.0 - SEH Overflow
Static HTTP Server 1.0 - (SEH) Overflow

ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (SEH/Unicode)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (2)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass
Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)

OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation

Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow
Nidesoft MP3 Converter 2.6.18 - Local Buffer Overflow (SEH)

Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation

Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Quick Search 1.1.0.189 - 'search textbox' Unicode SEH Egghunter Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH) (Windows 7 DEP Bypass)

Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow
Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH)

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)
MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

Mozilla - Maintenance Service Log File Overwrite Elevation of Privilege
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation

Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow
Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP_ Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)

Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit
Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Escalation

Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit
Internet Download Manager 6.25 Build 14 - 'Find file' Unicode (SEH)

Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege
Cogent Datahub 7.3.9 Gamma Script - Privilege Escalation

Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH) (Metasploit)
Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit
CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass)
Mediacoder 0.8.43.5852 - '.m3u' (SEH)
CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)

VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)

Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Network Scanner 4.0.0 - SEH Local Buffer Overflow
Network Scanner 4.0.0 - Local Buffer Overflow (SEH)

Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow

Microsoft Windows - '.ani' GDI Remote Elevation of Privilege Exploit (MS07-017)
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)

Move Networks Quantum Streaming Player - SEH Overflow
Move Networks Quantum Streaming Player - Overflow (SEH)

Quick TFTP Server Pro 2.1 - Remote SEH Overflow
Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)

Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation

FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow

PowerTCP FTP module - Multiple Technique Exploit (SEH/HeapSpray)
PowerTCP FTP module - Multiple Technique Exploit (SEH HeapSpray)

BigAnt Server 2.52 - SEH Exploit
BigAnt Server 2.52 - (SEH) Exploit

File Sharing Wizard 1.5.0 - SEH Exploit
File Sharing Wizard 1.5.0 - (SEH) Exploit

Kolibri 2.0 - Buffer Overflow RET + SEH Exploit (HEAD)
Kolibri 2.0 - (HEAD) Buffer Overflow RET + (SEH)

Easy File Sharing HTTP Server 7.2 - SEH Overflow (Metasploit)
Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)

WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)
WorldMail IMAPd 3.0 - Overflow (SEH) (Egg Hunter)

Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit
Sysax Multi Server 5.53 - SFTP Authenticated (SEH)

Simple Web Server 2.2-rc2 - ASLR Bypass Exploit
Simple Web Server 2.2-rc2 - ASLR Bypass

Microsoft SQL 2000/7.0 - Agent Jobs Privilege Elevation
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation

BigAnt Server 2.52 SP5 - SEH Stack Overflow ROP-based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)

Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
Intrasrv Simple Web Server 1.0 - Remote Code Execution (SEH)

Apache suEXEC - Privilege Elevation / Information Disclosure
Apache suEXEC - Information Disclosure / Privilege Escalation

Easy Internet Sharing Proxy Server 2.2 - SEH Overflow (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)

Kolibri Web Server 2.0 - GET Request SEH Exploit
Kolibri Web Server 2.0 - GET Request (SEH)

Microsoft Windows Kerberos - Elevation of Privilege (MS14-068)
Microsoft Windows Kerberos - Privilege Escalation (MS14-068)

X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)
X360 VideoPlayer ActiveX Control 2.6 - ASLR + DEP Bypass

i.FTP 2.21 - Time Field SEH Exploit
i.FTP 2.21 - Time Field (SEH)

Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow (Metasploit)
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit)

Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow
Easy File Sharing Web Server 7.2 - Remote Overflow (SEH)

Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)

Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)

TFTP Server 1.4 - WRQ Buffer Overflow (Egghunter)
TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow

Win32 - SEH omelet Shellcode
Win32 - SEH Omelet Shellcode
dotWidget CMS 1.0.6 - (file_path) Remote File Inclusion
DreamAccount 3.1 - (da_path) Remote File Inclusion
dotWidget CMS 1.0.6 - 'file_path' Remote File Inclusion
DreamAccount 3.1 - 'da_path' Remote File Inclusion

AWF CMS 1.11 - (spaw_root) Remote File Inclusion
AWF CMS 1.11 - 'spaw_root' Remote File Inclusion

Download-Engine 1.4.2 - (spaw) Remote File Inclusion
Download-Engine 1.4.2 - 'spaw' Remote File Inclusion

Newsscript 1.0 - Administrative Privilege Elevation
Newsscript 1.0 - Administrative Privilege Escalation

UBBCentral UBB.Threads 3.4/3.5 - Denial of Serviceearch.php SQL Injection
UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection

Cerberus Helpdesk 2.649 - cer_KnowledgebaseHandler.class.php _load_article_details Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection

cPanel 10.9 - Denial of Serviceetmytheme theme Parameter Cross-Site Scripting
cPanel 10.9 - dosetmytheme 'theme' Parameter Cross-Site Scripting

WordPress < 2.1.2  - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
Real Estate Classifieds Script - SQL Injection
2017-06-14 05:01:26 +00:00
platforms DB: 2017-06-14 2017-06-14 05:01:26 +00:00
files.csv DB: 2017-06-14 2017-06-14 05:01:26 +00:00
README.md Updated README output 2017-04-24 16:21:27 +01:00
searchsploit Better EDB-ID detection - able to put in path and it will extract the value 2017-06-13 13:48:07 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).