A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb

Find a file

Offensive Security 3cfdd1cc27 DB: 2017-10-12 5 new exploits MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities Apple Safari & QuickTime - Denial of Service Apple Safari / QuickTime - Denial of Service Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption Mozilla Firefox - Interleaving document.write and appendChild Denial of Service Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service BRS Webweaver 1.0 4 - POST and HEAD Denial of Service BRS Webweaver 1.0 4 - POST / HEAD Denial of Service Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035) Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017) Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017) Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow BSD & Linux umount - Privilege Escalation BSD / Linux - 'umount' Privilege Escalation BSD & Linux lpr - Privilege Escalation BSD / Linux - 'lpr' Privilege Escalation DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass) ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass) ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow Microsoft Windows - WINS Vulnerability and OS/SP Scanner Microsoft Windows - WINS Vulnerability + OS/SP Scanner Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild) Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit) Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit) Quest InTrust 10.4.x - ReportTree and SimpleTree Classes Quest InTrust 10.4.x - ReportTree / SimpleTree Classes SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files tcpdump 3.4 - Protocol Four and Zero Header Length tcpdump 3.4 - Protocol Four / Zero Header Length Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow EFTP Server 2.0.7.337 - Directory and File Existence EFTP Server 2.0.7.337 - Directory Existence / File Existence Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities Microsoft Windows XP - Help And Support Center Interface Spoofing Microsoft Windows XP - Help and Support Center Interface Spoofing BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit) BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit) Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting 3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal 3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read Github Enterprise - Default Session Secret And Deserialization (Metasploit) Github Enterprise - Default Session Secret and Deserialization (Metasploit) VX Search Enterprise 10.1.12 - Buffer Overflow QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion FlexPHPNews 0.0.6 & PRO - Authentication Bypass FlexPHPNews 0.0.6 / PRO - Authentication Bypass click&rank - SQL Injection / Cross-Site Scripting Click&Rank - SQL Injection / Cross-Site Scripting WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass Pre Hotels&Resorts Management System - Authentication Bypass PHP-Nuke CMS - (Survey and Poll) SQL Injection PHP-Nuke CMS (Survey and Poll) - SQL Injection 60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password) 60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password) XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin) Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin) Sun i-Runbook 2.5.2 - Directory And File Content Disclosure Sun i-Runbook 2.5.2 - Directory and File Content Disclosure DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection DUforum 3.x - 'messages.asp FOR_ID' SQL Injection DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion WordPress Plugin WP BackupPlus - Database And Files Backup Download WordPress Plugin WP BackupPlus - Database and Files Backup Download WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection Gogs - (users and repos q pararm) SQL Injection Gogs - users and repos q SQL Injection WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection Joomla! Component 'com_tree' - 'key' Parameter SQL Injection Joomla! Component com_tree - 'key' Parameter SQL Injection Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities TOTOLINK Routers - Backdoor and Remote Code Execution (PoC) TOTOLINK Routers - Backdoor / Remote Code Execution (PoC) up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit up.time 7.5.0 - Upload And Execute File Exploit up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit up.time 7.5.0 - Upload and Execute Exploit Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)		2017-10-12 05:01:34 +00:00
platforms	DB: 2017-10-12	2017-10-12 05:01:34 +00:00
files.csv	DB: 2017-10-12	2017-10-12 05:01:34 +00:00
README.md	Add "--exclude" to remove values from results	2017-06-14 15:58:54 +01:00
searchsploit	Fix #101 - Git update issue & echo standard.	2017-09-18 18:22:53 +01:00

README.md

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).