A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
4e334a292d
2 new exploits Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit Microsoft Windows XP/2003 - Samba Share Resource Exhaustion (Denial of Service) Multiple vendors - ZOO file Decompression Infinite Loop Denial of Service (PoC) ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC) WzdFTPD 0.8.0 - (USER) Remote Denial of Service WzdFTPD 0.8.0 - 'USER' Remote Denial of Service Multiple Vendors - 'libc:fts_*()' Local Denial of Service Libc - 'libc:fts_*()' Local Denial of Service Asterisk IAX2 - Resource Exhaustion via Attacked IAX Fuzzer Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service) Multiple Web Browsers - Denial of Service Multiple Browsers - Denial of Service Multiple browsers - 'history.go()' Denial of Service Multiple browsers - 'window.print()' Denial of Service Multiple Browsers - 'history.go()' Denial of Service Multiple Browsers - 'window.print()' Denial of Service Multiple Vendors libc/glob(3) - Resource Exhaustion / Remote ftpd-anon libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service) Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion (Denial of Service) Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion (Denial of Service) EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (1) EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (2) EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (1) EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (2) Desktop Orbiter 2.0 1 - Resource Exhaustion Denial of Service Desktop Orbiter 2.0 1 - Resource Exhaustion (Denial of Service) ACLogic CesarFTP 0.99 - Remote Resource Exhaustion (Denial of Service) Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service Multiple Linksys Routers - LanD Packet Denial of Service Linksys Routers - LanD Packet Denial of Service Multiple Mozilla Products - IFRAME JavaScript Execution Vulnerabilities Multiple Mozilla Products - iFrame JavaScript Execution Vulnerabilities Multiple D-Link Routers - UPNP Buffer Overflow D-Link Routers - UPNP Buffer Overflow Multiple Vendors - Zoo Compression Algorithm Remote Denial of Service Zoo 2.10 - .ZOO Compression Algorithm Remote Denial of Service Multiple BSD Platforms - 'strfmon()' Function Integer Overflow Multiple BSD Distributions - 'strfmon()' Function Integer Overflow Multiple Vendors Unspecified SVG File Processing - Denial of Service Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion Denial of Service Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service) VMware Player and Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service Libc - 'regcomp()' Stack Exhaustion Denial of Service Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities Multiple BSD Distributions - 'setusercontext()' Vulnerabilities Multiple Cisco Products - Cisco Global Exploiter Tool Cisco - Cisco Global Exploiter Tool Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities Multiple Browsers - Tabbed Browsing Vulnerabilities Skype extension for Firefox Beta 2.2.0.95 - Clipboard Writing Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing Multiple D-Link Products - Captcha Bypass D-Link - Captcha Bypass Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking Multiple Browser (FF3.6.7/SM 2.0.6) - Clickjacking Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion hassan Consulting shopping cart 1.18 - Directory Traversal Hassan Consulting Shopping Cart 1.18 - Directory Traversal Adobe SVG Viewer 3.0 - postURL/getURL Restriction Bypass Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass ACLogic CesarFTP 0.99 - Remote Resource Exhaustion Multiple Linksys Devices - DHCP Information Disclosure Linksys - DHCP Information Disclosure Oracle HTML DB 1.5/1.6 - wwv_flow.accept p_t02 Parameter Cross-Site Scripting Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting Oracle HTML DB 1.5/1.6 - f p Parameter Cross-Site Scripting Oracle HTML DB 1.5/1.6 - 'f?p=' Parameter Cross-Site Scripting Multiple Cisco Products - WebSense Content Filtering Bypass Cisco - WebSense Content Filtering Bypass Multiple Vendors - RAR Handling Remote Null Pointer Dereference ClamAV / UnRAR - .RAR Handling Remote Null Pointer Dereference Multiple Cisco Products - 'file' Parameter Directory Traversal Cisco - 'file' Parameter Directory Traversal Multiple D-Link DCS Products - 'security.cgi' Cross-Site Request Forgery D-Link DCS - 'security.cgi' Cross-Site Request Forgery Multiple Vendors - 'RuntimeDiagnosticPing()' Stack Buffer Overflow D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Stack Buffer Overflow Multiple Aztech Modem Routers - Session Hijacking Aztech Modem Routers - Session Hijacking Mambo Component Security Images 3.0.5 - Inclusion Mambo Component Security Images 3.0.5 - Remote File Inclusion Joomla! Component com_bayesiannaivefilter 1.1 - Inclusion Joomla! Component com_bayesiannaivefilter 1.1 - Remote File Inclusion Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion Mambo Component 'com_phpshop' 1.2 RC2b - Remote File Inclusion Mambo Component 'com_a6mambocredits' 1.0.0 - Remote File Inclusion Mambo Component bigAPE-Backup 1.1 - File Inclusion NES Game and NES System c108122 - File Inclusion Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion NES Game and NES System c108122 - Remote File Inclusion Mambo Component com_serverstat 0.4.4 - File Inclusion Mambo Component com_serverstat 0.4.4 - Remote File Inclusion Wili-CMS 0.1.1 - File Inclusion / Cross-Site Scripting / Full Path Disclosure Wili-CMS 0.1.1 - Remote File Inclusion / Cross-Site Scripting / Full Path Disclosure phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion phpBB User Viewed Posts Tracker 1.0 - File Inclusion phpBB User Viewed Posts Tracker 1.0 - Remote File Inclusion phpBB Random User Registration Number 1.0 Mod - Inclusion phpBB Random User Registration Number 1.0 Mod - Remote File Inclusion Softerra PHP Developer Library 1.5.3 - File Inclusion Softerra PHP Developer Library 1.5.3 - Remote File Inclusion phpBB ACP User Registration Mod 1.0 - File Inclusion phpBB ACP User Registration Mod 1.0 - Remote File Inclusion Electronic Engineering Tool (EE TOOL) 0.4.1 - File Inclusion Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion phpBB Spider Friendly Module 1.3.10 - File Inclusion phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion Tucows Client Code Suite (CSS) 1.2.1015 - File Inclusion Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion pre Multiple Vendors shopping malls - Multiple Vulnerabilities PreProject Multi-Vendor Shopping Malls - Multiple Vulnerabilities Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion Easy Px 41 CMS 09.00.00B1 - 'fiche' Local File Inclusion Joomla! Component Book Library 1.0 - File Inclusion Joomla! Component Book Library 1.0 - Remote File Inclusion Community Translate - File Inclusion Community Translate - Remote File Inclusion EZsneezyCal CMS 95.1-95.2 - File Inclusion EZRecipeZee CMS 91 - File Inclusion EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion EZRecipeZee CMS 91 - Remote File Inclusion AIOCP 1.4.001 - File Inclusion AIOCP 1.4.001 - Remote File Inclusion Gbook MX 4.1.0 (Arabic Version) - File Inclusion Gbook MX 4.1.0 (Arabic Version) - Remote File Inclusion Multiple D-Link Routers - Authentication Bypass D-Link Routers - Authentication Bypass (2) 29o3 CMS - (LibDir) Multiple Remote File Inclusion 29o3 CMS - 'LibDir' Multiple Remote File Inclusion MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting Pre Multiple Vendors Shopping Malls - SQL Injection PreProject Multi-Vendor Shopping Malls - SQL Injection Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection PreProject Multi-Vendor Shopping Malls - 'products.php?sid' SQL Injection Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass Multiple D-Link Routers (Multiple Models) - Authentication Bypass D-Link Routers - Authentication Bypass (1) Multiple Linksys Routers - Cross-Site Request Forgery Linksys Routers - Cross-Site Request Forgery Joomla! Component 'Scriptegrator' 1.5 - File Inclusion Joomla! Component 'Scriptegrator' 1.5 - Local File Inclusion BbZL.php - File Inclusion BbZL.php - Remote File Inclusion FCMS 2.7.2 CMS - Multiple Cross-Site Request Forgery Vulnerabilities FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities Cyberoam Central Console 2.00.2 - File Inclusion Cyberoam Central Console 2.00.2 - Remote File Inclusion Dolibarr ERP & CRM 3 - Authenticated OS Command Injection (Metasploit) Dolibarr ERP & CRM - OS Command Injection Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit) Dolibarr ERP/CRM - OS Command Injection VamCart 0.9 CMS - Multiple Vulnerabilities PBBoard 2.1.4 CMS - Multiple Vulnerabilities VamCart CMS 0.9 - Multiple Vulnerabilities PBBoard CMS 2.1.4 - Multiple Vulnerabilities Flynax General Classifieds 4.0 CMS - Multiple Vulnerabilities Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities PG Dating Pro 1.0 CMS - Multiple Vulnerabilities PG Dating Pro CMS 1.0 - Multiple Vulnerabilities Artmedic Webdesign Kleinanzeigen Script - File Inclusion Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion Multiple D-Link Devices - Multiple Vulnerabilities D-Link - Multiple Vulnerabilities Utopia News Pro 1.1.3 - header.php sitetitle Parameter Cross-Site Scripting Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting Utopia News Pro 1.1.3 - 'footer.php' Multiple Parameter Cross-Site Scripting Multiple D-Link Devices - OS-Command Injection via UPnP Interface D-Link - OS-Command Injection via UPnP Interface WordPress Plugin Spicy Blogroll - File Inclusion WordPress Plugin Spicy Blogroll - Local File Inclusion OliveOffice Mobile Suite 2.0.3 iOS - File Inclusion OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities Office Assistant Pro 2.2.2 iOS - File Inclusion Office Assistant Pro 2.2.2 iOS - Local File Inclusion WiFiles HD 1.3 iOS - File Inclusion WiFiles HD 1.3 iOS - Locla File Inclusion PDF Album 1.7 iOS - File Inclusion PDF Album 1.7 iOS - Local File Inclusion Multiple D-Link Routers - Multiple Vulnerabilities D-Link Routers - Multiple Vulnerabilities Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting Consona - 'n6plugindestructor.asp' Cross-Site Scripting Photo Org WonderApplications 8.3 iOS - File Inclusion Photo Org WonderApplications 8.3 iOS - Local File Inclusion Pre Projects Multiple Vendors Shopping Malls - 'products.php' SQL Injection PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection PhotoSync Wifi & Bluetooth 1.0 - File Inclusion PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion Photorange 1.0 iOS - File Inclusion Photorange 1.0 iOS - Local File Inclusion GS Foto Uebertraeger 3.0 iOS - File Inclusion GS Foto Uebertraeger 3.0 iOS - Local File Inclusion iFunBox Free 1.1 iOS - File Inclusion iFunBox Free 1.1 iOS - Local File Inclusion Pimcore 2.3.0/3.0 CMS - SQL Injection Pimcore CMS 2.3.0/3.0 - SQL Injection Dolibarr 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr 3.1 ERP/CRM - Multiple Script URI Cross-Site Scripting Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting Dolibarr 3.x - 'adherents/fiche.php' SQL Injection Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection 11in1 CMS 1.2.1 - 'index.php' class Parameter Traversal Local File Inclusion 11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion 11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion 11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion Wifi Drive Pro 1.2 iOS - File Inclusion Photo Manager Pro 4.4.0 iOS - File Inclusion Mobile Drive HD 1.8 - File Inclusion Web Wifi Drive Pro 1.2 iOS - Local File Inclusion Photo Manager Pro 4.4.0 iOS - Local File Inclusion Mobile Drive HD 1.8 - Local File Inclusion Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities 11in1 CMS 1.2.1 - admin/comments topicID Parameter SQL Injection 11in1 CMS 1.2.1 - admin/tps id Parameter SQL Injection 11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection 11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection PhotoWebsite 3.1 iOS - File Inclusion PhotoWebsite 3.1 iOS - Local File Inclusion vPhoto-Album 4.2 iOS - File Inclusion vPhoto-Album 4.2 iOS - Local File Inclusion PDF Converter & Editor 2.1 iOS - File Inclusion PDF Converter & Editor 2.1 iOS - Local File Inclusion Wireless Photo Transfer 3.0 iOS - File Inclusion Wireless Photo Transfer 3.0 iOS - Local File Inclusion WordPress Plugin Really Simple Guest Post 1.0.6 - File Inclusion WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion My.WiFi USB Drive 1.0 iOS - File Inclusion My.WiFi USB Drive 1.0 iOS - Local File Inclusion Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure WordPress Plugin Dharma Booking 2.38.3 - File Inclusion WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass Multiple NETGEAR Routers - Password Disclosure NETGEAR Routers - Password Disclosure |
||
|---|---|---|
| platforms | ||
| files.csv | ||
| README.md | ||
| searchsploit | ||
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).