The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
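
The matching rules in the Notes above (terms are AND-ed, case-insensitive, and checked against both title and path unless '-t' is given) explain why numeric terms produce false positives. The following is an added example, not part of the original README and not searchsploit's own code: it models those rules over the seven result rows shown above, and the function names and the treatment of '-e' as a contiguous phrase match are assumptions.

```python
# Rows copied from the `searchsploit afd windows local` output on this page.
ROWS = [
    ("Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service",
     "./windows/dos/17133.c"),
    ("Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)",
     "./windows/local/6757.txt"),
    ("Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)",
     "./windows/local/18176.py"),
    ("Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)",
     "./windows/local/21844.rb"),
    ("Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",
     "./win_x86/local/39446.py"),
    ("Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)",
     "./win_x86-64/local/39525.py"),
    ("Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)",
     "./windows/local/40564.c"),
]


def search(terms, title_only=False, case_sensitive=False, exact=False, rows=ROWS):
    """Return the paths of rows that match every term (hypothetical model)."""
    if exact:
        title_only = True           # the help text says -e implies -t
        terms = [" ".join(terms)]   # assumption: -e matches one contiguous phrase
    if not case_sensitive:
        terms = [t.lower() for t in terms]
    hits = []
    for title, path in rows:
        fields = [title] if title_only else [title, path]
        if not case_sensitive:
            fields = [f.lower() for f in fields]
        # Every term must occur in at least one of the searched fields.
        if all(any(term in field for field in fields) for term in terms):
            hits.append(path)
    return hits


def path_only_hits(terms, rows=ROWS):
    """Rows that match only because a term occurs in the file path."""
    title_hits = set(search(terms, title_only=True, rows=rows))
    return [p for p in search(terms, rows=rows) if p not in title_hits]


if __name__ == "__main__":
    # Default search: "local" is satisfied by the /local/ directory in the path.
    print(len(search(["afd", "windows", "local"])))
    # Title-only search: only the title containing "Local" remains.
    print(search(["afd", "windows", "local"], title_only=True))
    # "64" matches the x64 title, but also the EDB-ID in 40564.c.
    print(path_only_hits(["afd", "64"]))
    # Case-sensitive search drops 'AfdJoinLeaf'.
    print(search(["afd"], case_sensitive=True))
    # Term order matters only for an exact match.
    print(search(["Escalation", "Privilege"], exact=True))
```

Running `path_only_hits` before acting on a version-number search shows which results matched on an EDB-ID or directory name rather than on the product title.
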
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).