A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Offensive Security 4e334a292d DB: 2017-10-08
2 new exploits

Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit
Microsoft Windows XP/2003 - Samba Share Resource Exhaustion (Denial of Service)

Multiple vendors - ZOO file Decompression Infinite Loop Denial of Service (PoC)
ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC)

WzdFTPD 0.8.0 - (USER) Remote Denial of Service
WzdFTPD 0.8.0 - 'USER' Remote Denial of Service

Multiple Vendors - 'libc:fts_*()' Local Denial of Service
Libc - 'libc:fts_*()' Local Denial of Service

Asterisk IAX2 - Resource Exhaustion via Attacked IAX Fuzzer
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)

Multiple Web Browsers - Denial of Service
Multiple Browsers - Denial of Service
Multiple browsers - 'history.go()' Denial of Service
Multiple browsers - 'window.print()' Denial of Service
Multiple Browsers - 'history.go()' Denial of Service
Multiple Browsers - 'window.print()' Denial of Service

Multiple Vendors libc/glob(3) - Resource Exhaustion / Remote ftpd-anon
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)

Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion (Denial of Service)

Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion (Denial of Service)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (2)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (2)

Desktop Orbiter 2.0 1 - Resource Exhaustion Denial of Service
Desktop Orbiter 2.0 1 - Resource Exhaustion (Denial of Service)

ACLogic CesarFTP 0.99 - Remote Resource Exhaustion (Denial of Service)

Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service
Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service

Multiple Linksys Routers - LanD Packet Denial of Service
Linksys Routers - LanD Packet Denial of Service

Multiple Mozilla Products - IFRAME JavaScript Execution Vulnerabilities
Multiple Mozilla Products - iFrame JavaScript Execution Vulnerabilities

Multiple D-Link Routers - UPNP Buffer Overflow
D-Link Routers - UPNP Buffer Overflow

Multiple Vendors - Zoo Compression Algorithm Remote Denial of Service
Zoo 2.10 - .ZOO Compression Algorithm Remote Denial of Service

Multiple BSD Platforms - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Function Integer Overflow

Multiple Vendors Unspecified SVG File Processing - Denial of Service
Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service

Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service)

VMware Player and Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service

Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service
Libc - 'regcomp()' Stack Exhaustion Denial of Service

Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service
Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service

Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities
Multiple BSD Distributions - 'setusercontext()' Vulnerabilities

Multiple Cisco Products - Cisco Global Exploiter Tool
Cisco - Cisco Global Exploiter Tool

Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities
Multiple Browsers - Tabbed Browsing Vulnerabilities

Skype extension for Firefox Beta 2.2.0.95 - Clipboard Writing
Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing

Multiple D-Link Products - Captcha Bypass
D-Link - Captcha Bypass

Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking
Multiple Browser (FF3.6.7/SM 2.0.6) - Clickjacking

Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion

hassan Consulting shopping cart 1.18 - Directory Traversal
Hassan Consulting Shopping Cart 1.18 - Directory Traversal

Adobe SVG Viewer 3.0 - postURL/getURL Restriction Bypass
Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass

ACLogic CesarFTP 0.99 - Remote Resource Exhaustion

Multiple Linksys Devices - DHCP Information Disclosure
Linksys - DHCP Information Disclosure

Oracle HTML DB 1.5/1.6 - wwv_flow.accept p_t02 Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting

Oracle HTML DB 1.5/1.6 - f p Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'f?p=' Parameter Cross-Site Scripting

Multiple Cisco Products - WebSense Content Filtering Bypass
Cisco - WebSense Content Filtering Bypass

Multiple Vendors - RAR Handling Remote Null Pointer Dereference
ClamAV / UnRAR - .RAR Handling Remote Null Pointer Dereference

Multiple Cisco Products - 'file' Parameter Directory Traversal
Cisco - 'file' Parameter Directory Traversal

Multiple D-Link DCS Products - 'security.cgi' Cross-Site Request Forgery
D-Link DCS - 'security.cgi' Cross-Site Request Forgery

Multiple Vendors - 'RuntimeDiagnosticPing()' Stack Buffer Overflow
D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Stack Buffer Overflow

Multiple Aztech Modem Routers - Session Hijacking
Aztech Modem Routers - Session Hijacking

Mambo Component Security Images 3.0.5 - Inclusion
Mambo Component Security Images 3.0.5 - Remote File Inclusion

Joomla! Component com_bayesiannaivefilter 1.1 - Inclusion
Joomla! Component com_bayesiannaivefilter 1.1 - Remote File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - Remote File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - Remote File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion
NES Game and NES System c108122 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion
NES Game and NES System c108122 - Remote File Inclusion

Mambo Component com_serverstat 0.4.4 - File Inclusion
Mambo Component com_serverstat 0.4.4 - Remote File Inclusion

Wili-CMS 0.1.1 - File Inclusion / Cross-Site Scripting / Full Path Disclosure
Wili-CMS 0.1.1 - Remote File Inclusion / Cross-Site Scripting / Full Path Disclosure

phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion
phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion

phpBB User Viewed Posts Tracker 1.0 - File Inclusion
phpBB User Viewed Posts Tracker 1.0 - Remote File Inclusion

phpBB Random User Registration Number 1.0 Mod - Inclusion
phpBB Random User Registration Number 1.0 Mod - Remote File Inclusion

Softerra PHP Developer Library 1.5.3 - File Inclusion
Softerra PHP Developer Library 1.5.3 - Remote File Inclusion

phpBB ACP User Registration Mod 1.0 - File Inclusion
phpBB ACP User Registration Mod 1.0 - Remote File Inclusion

Electronic Engineering Tool (EE TOOL) 0.4.1 - File Inclusion
Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion

phpBB Spider Friendly Module 1.3.10 - File Inclusion
phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion

Tucows Client Code Suite (CSS) 1.2.1015 - File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion

pre Multiple Vendors shopping malls - Multiple Vulnerabilities
PreProject Multi-Vendor Shopping Malls - Multiple Vulnerabilities

Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion
Easy Px 41 CMS 09.00.00B1 - 'fiche' Local File Inclusion

Joomla! Component Book Library 1.0 - File Inclusion
Joomla! Component Book Library 1.0 - Remote File Inclusion

Community Translate - File Inclusion
Community Translate - Remote File Inclusion
EZsneezyCal CMS 95.1-95.2 - File Inclusion
EZRecipeZee CMS 91 - File Inclusion
EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion
EZRecipeZee CMS 91 - Remote File Inclusion

AIOCP 1.4.001 - File Inclusion
AIOCP 1.4.001 - Remote File Inclusion

Gbook MX 4.1.0 (Arabic Version) - File Inclusion
Gbook MX 4.1.0 (Arabic Version) - Remote File Inclusion

Multiple D-Link Routers - Authentication Bypass
D-Link Routers - Authentication Bypass (2)

29o3 CMS - (LibDir) Multiple Remote File Inclusion
29o3 CMS - 'LibDir' Multiple Remote File Inclusion

MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting
MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting

Pre Multiple Vendors Shopping Malls - SQL Injection
PreProject Multi-Vendor Shopping Malls - SQL Injection

Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php?sid' SQL Injection

Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass
PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass

Multiple D-Link Routers (Multiple Models) - Authentication Bypass
D-Link Routers - Authentication Bypass (1)

Multiple Linksys Routers - Cross-Site Request Forgery
Linksys Routers - Cross-Site Request Forgery

Joomla! Component 'Scriptegrator' 1.5 - File Inclusion
Joomla! Component 'Scriptegrator' 1.5 - Local File Inclusion

BbZL.php - File Inclusion
BbZL.php - Remote File Inclusion

FCMS 2.7.2 CMS - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS  2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Cyberoam Central Console 2.00.2 - File Inclusion
Cyberoam Central Console 2.00.2 - Remote File Inclusion
Dolibarr ERP & CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP & CRM - OS Command Injection
Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP/CRM - OS Command Injection
VamCart 0.9 CMS - Multiple Vulnerabilities
PBBoard 2.1.4 CMS - Multiple Vulnerabilities
VamCart CMS 0.9 - Multiple Vulnerabilities
PBBoard CMS 2.1.4 - Multiple Vulnerabilities

Flynax General Classifieds 4.0 CMS - Multiple Vulnerabilities
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities

PG Dating Pro 1.0 CMS - Multiple Vulnerabilities
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities

Artmedic Webdesign Kleinanzeigen Script - File Inclusion
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion

Multiple D-Link Devices - Multiple Vulnerabilities
D-Link - Multiple Vulnerabilities

Utopia News Pro 1.1.3 - header.php sitetitle Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting

Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'footer.php' Multiple Parameter Cross-Site Scripting

Multiple D-Link Devices - OS-Command Injection via UPnP Interface
D-Link - OS-Command Injection via UPnP Interface

WordPress Plugin Spicy Blogroll - File Inclusion
WordPress Plugin Spicy Blogroll - Local File Inclusion

OliveOffice Mobile Suite 2.0.3 iOS - File Inclusion
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion

ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass

Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities
Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities

Office Assistant Pro 2.2.2 iOS - File Inclusion
Office Assistant Pro 2.2.2 iOS - Local File Inclusion

WiFiles HD 1.3 iOS - File Inclusion
WiFiles HD 1.3 iOS - Locla File Inclusion

PDF Album 1.7 iOS - File Inclusion
PDF Album 1.7 iOS - Local File Inclusion

Multiple D-Link Routers - Multiple Vulnerabilities
D-Link Routers - Multiple Vulnerabilities

Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting
Consona - 'n6plugindestructor.asp' Cross-Site Scripting

Photo Org WonderApplications 8.3 iOS - File Inclusion
Photo Org WonderApplications 8.3 iOS - Local File Inclusion

Pre Projects Multiple Vendors Shopping Malls - 'products.php' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection

PhotoSync Wifi & Bluetooth 1.0 - File Inclusion
PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion

Photorange 1.0 iOS - File Inclusion
Photorange 1.0 iOS - Local File Inclusion

GS Foto Uebertraeger 3.0 iOS - File Inclusion
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion

iFunBox Free 1.1 iOS - File Inclusion
iFunBox Free 1.1 iOS - Local File Inclusion

Pimcore 2.3.0/3.0 CMS - SQL Injection
Pimcore CMS 2.3.0/3.0 - SQL Injection

Dolibarr 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting

Dolibarr 3.1 ERP/CRM - Multiple Script URI Cross-Site Scripting
Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting

Dolibarr 3.x - 'adherents/fiche.php' SQL Injection
Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection
11in1 CMS 1.2.1 - 'index.php' class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
Wifi Drive Pro 1.2 iOS - File Inclusion
Photo Manager Pro 4.4.0 iOS - File Inclusion
Mobile Drive HD 1.8 - File Inclusion Web
Wifi Drive Pro 1.2 iOS - Local File Inclusion
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
Mobile Drive HD 1.8 - Local File Inclusion

Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
11in1 CMS 1.2.1 - admin/comments topicID Parameter SQL Injection
11in1 CMS 1.2.1 - admin/tps id Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection

PhotoWebsite 3.1 iOS - File Inclusion
PhotoWebsite 3.1 iOS - Local File Inclusion

vPhoto-Album 4.2 iOS - File Inclusion
vPhoto-Album 4.2 iOS - Local File Inclusion

PDF Converter & Editor 2.1 iOS - File Inclusion
PDF Converter & Editor 2.1 iOS - Local File Inclusion

Wireless Photo Transfer 3.0 iOS - File Inclusion
Wireless Photo Transfer 3.0 iOS - Local File Inclusion

WordPress Plugin Really Simple Guest Post 1.0.6 - File Inclusion
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion

My.WiFi USB Drive 1.0 iOS - File Inclusion
My.WiFi USB Drive 1.0 iOS - Local File Inclusion

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

WordPress Plugin Dharma Booking 2.38.3 - File Inclusion
WordPress Plugin Dharma Booking 2.38.3 -  Remote File Inclusion

Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass
RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass

Multiple NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure
2017-10-08 05:01:28 +00:00
platforms DB: 2017-10-08 2017-10-08 05:01:28 +00:00
files.csv DB: 2017-10-08 2017-10-08 05:01:28 +00:00
README.md Add "--exclude" to remove values from results 2017-06-14 15:58:54 +01:00
searchsploit Fix #101 - Git update issue & echo standard. 2017-09-18 18:22:53 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
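The following is an added example, not code from this repository or from searchsploit itself. It models the matching rules the help text documents (AND-ed case-insensitive terms, title-only matching for "-t", and "|"-chained "--exclude") so the effect of each option can be seen on a few rows copied from the search output above. The function names, the fixed-string treatment of terms and the case-insensitive regex treatment of the exclusion are assumptions.

```shell
#!/bin/sh
# Added illustration: a model of the documented search semantics,
# NOT searchsploit's implementation.

# Sample index, "title|path" per row, copied from the search output shown above.
sample_index() {
cat <<'EOF'
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service|windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)|windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)|windows/local/18176.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)|win_x86/local/39446.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)|win_x86/local/40564.c
EOF
}

# edb_filter SCOPE EXCLUDE TERM...
#   SCOPE    "all"   = terms are matched against title and path (documented default)
#            "title" = terms are matched against the title only (documented -t)
#   EXCLUDE  "|"-separated pattern removed from the results, "" for none
#            (assumption: extended regex, case-insensitive, applied to title and path)
edb_filter() {
    scope=$1; exclude=$2; shift 2
    sample_index | while IFS='|' read -r title path; do
        case $scope in
            title) haystack=$title ;;
            *)     haystack="$title $path" ;;
        esac
        hit=1
        for term in "$@"; do
            # Every term must be present (AND); order and case do not matter.
            printf '%s\n' "$haystack" | grep -qiF -- "$term" || { hit=0; break; }
        done
        [ "$hit" -eq 1 ] || continue
        if [ -n "$exclude" ] &&
           printf '%s | %s\n' "$title" "$path" | grep -qiE -- "$exclude"; then
            continue
        fi
        printf '%s | %s\n' "$title" "$path"
    done
}

# Number of rows a query returns.
edb_count() { edb_filter "$@" | wc -l | tr -d ' '; }

# Default scope: "local" also matches the ".../local/" directory in the path.
echo "all   afd windows local      : $(edb_count all '' afd windows local)"
# Title-only scope keeps only rows whose title contains every term.
echo "title afd windows local      : $(edb_count title '' afd windows local)"
# A bare number matches EDB-IDs in the path unless the scope is title-only.
echo "all   windows 7              : $(edb_count all '' windows 7)"
echo "title windows 7              : $(edb_count title '' windows 7)"
# The help text's own exclusion pattern drops PoC titles and /dos/ paths.
echo "all   ... --exclude PoC,/dos/: $(edb_count all '(PoC)|/dos/' afd windows local)"
```

The "windows 7" pair shows the false-positive case the Notes section mentions: in the default scope the digit matches file names such as 17133.c, while the title-only scope leaves only the Windows 7 entry.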