12 new exploits Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.0 - 'super_blob' Local kernel Denial of Service (PoC) Administrador de Contenidos - Admin Login Bypass Administrador de Contenidos - Admin Authentication Bypass Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073) Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073) Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061) Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061) Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097) Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097) Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097) Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference Microsoft Windows Kernel - 'win32k!OffsetChildren' 
Null Pointer Dereference Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution Apple Mac OSX - gst_configure Kernel Buffer Overflow Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference Apple Mac OSX - 'gst_configure' Kernel Buffer Overflow Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows Kernel - 'NtGdiGetTextExtentExW'' Out-of-Bounds Memory Read Microsoft Windows Kernel - win32k Denial of Service (MS16-135) Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135) Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) AIX 5.2 - netpmon Local Elevated Privileges Exploit AIX 5.2 - ipl_varyon Local Elevated Privileges Exploit AIX 5.2 - 'netpmon' Local Privilege Escalation AIX 5.2 - 'ipl_varyon' Local Privilege Escalation Willing Webcam 2.8 - Licence Info Disclosure Local Exploit Willing Webcam 2.8 - Licence Information Disclosure Local Exploit Solaris 7.0 cancel - Exploit Solaris 7.0 chkperm - Exploit Solaris 7.0 - 'cancel' Exploit Solaris 7.0 - 'chkperm' Exploit Apple Mac OSX 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local 
Memory Corruption Apple Mac OSX 10.4.x - 'Shared_Region_Make_Private_Np' Kernel Function Local Memory Corruption Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free Mikogo 5.4.1.160608 - Local Credentials Disclosure THOMSON ST585 - 'user.ini' Arbitrary Download THOMSON ST585 - 'user.ini' Arbitrary Disclosure THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure Adobe Flash and Reader - Live Malware (PoC) Adobe Flash / Reader - Live Malware (PoC) Unify eWave ServletExec 3 - JSP Source Disclosure Unify eWave ServletExec 3 - .JSP Source Disclosure 1C: Arcadia Internet Store 1.0 - Show Path 1C: Arcadia Internet Store 1.0 - Path Disclosure Adobe ColdFusion 9 - Administrative Login Bypass (Metasploit) Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit) Apache Tomcat 6.0.13 - Cookie Handling Quote Delimiter Session ID Disclosure Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass 2BGal 3.0 - '/admin/configuration.inc.php' Local Inclusion Exploit 2BGal 3.0 - '/admin/configuration.inc.php' Local File Inclusion Estate Agent Manager 1.3 - 'default.asp' Login Bypass Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass Estate Agent Manager 1.3 - 'default.asp' Authentication Bypass Property Pro 1.0 - 'vir_Login.asp' Remote Authentication Bypass Hpecs Shopping Cart - Remote Login Bypass Hpecs Shopping Cart - Remote Authentication Bypass HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass HR Assist 1.05 - 'vdateUsr.asp' Remote Authentication Bypass PHPX 3.5.16 - Cookie Poisoning / Login Bypass PHPX 3.5.16 - Cookie Poisoning / Authentication Bypass Absolute File Send 1.0 - 
Remote Cookie Handling Absolute File Send 1.0 - Remote Insecure Cookie Handling Absolute Poll Manager XE 4.1 - Cookie Handling Absolute Poll Manager XE 4.1 - Insecure Cookie Handling TR News 2.1 - 'login.php' Remote Login Bypass TR News 2.1 - 'login.php' Remote Authentication Bypass PhpAddEdit 1.3 - 'cookie' Login Bypass PhpAddEdit 1.3 - 'cookie' Authentication Bypass 2532/Gigs 1.2.2 Stable - Remote Login Bypass 2532/Gigs 1.2.2 Stable - Remote Authentication Bypass Flexcustomer 0.0.6 - Admin Login Bypass / Possible PHP code writing Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP code writing ClearBudget 0.6.1 - Insecure Database Download ClearBudget 0.6.1 - Insecure Database Disclosure ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities 2DayBiz Custom T-shirt Design -(SQL Injection / Cross-Site Scripting 2DayBiz Custom T-shirt Design - SQL Injection / Cross-Site Scripting ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Info Disclosure Vulnerabilities ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities Amiro.CMS 5.4.0.0 - Folder Disclosure Amiro.CMS 5.4.0.0 - Path Disclosure Mura CMS 5.1 - Root Folder Disclosure Mura CMS 5.1 - Root Path Disclosure jgbbs-3.0beta1 - Database Download PSnews - Database Download jgbbs-3.0beta1 - Database Disclosure PSnews - Database Disclosure AspBB - Active Server Page Bulletin Board Database Download Futility Forum 1.0 Revamp - Database Download htmlArea 2.03 - Database Download Uguestbook - Database Download BaalASP 2.0 - Database Download Fully Functional ASP Forum 1.0 - Database Download makit news/blog poster 3.1 - Database Download AspBB - Active Server Page Bulletin Board Database Disclosure Futility Forum 1.0 Revamp - Database Disclosure htmlArea 2.03 - Database Disclosure Uguestbook - Database Disclosure BaalASP 2.0 - Database Disclosure Fully Functional ASP Forum 1.0 - Database Disclosure makit news/blog 
poster 3.1 - Database Disclosure ASP Battle Blog - Database Download ASP Battle Blog - Database Disclosure Proxyroll.com Clone PHP Script - Cookie Handling Proxyroll.com Clone PHP Script - Insecure Cookie Handling YP Portal MS-Pro Surumu 1.0 - Database Download YP Portal MS-Pro Surumu 1.0 - Database Disclosure Lebi soft Ziyaretci Defteri 7.5 - Database Download Net Gitar Shop 1.0 - Database Download Lebi soft Ziyaretci Defteri 7.5 - Database Disclosure Net Gitar Shop 1.0 - Database Disclosure VP-ASP Shopping Cart 7.0 - Database Download VP-ASP Shopping Cart 7.0 - Database Disclosure Asp VevoCart Control System 3.0.4 - Database Download Asp VevoCart Control System 3.0.4 - Database Disclosure MoME CMS 0.8.5 - Remote Login Bypass RoseOnlineCMS 3 B1 - Remote Login Bypass MoME CMS 0.8.5 - Remote Authentication Bypass RoseOnlineCMS 3 B1 - Remote Authentication Bypass al3jeb script - Remote Login Bypass al3jeb script - Remote Authentication Bypass Al Sat Scripti - Database Download Al Sat Scripti - Database Disclosure Mp3 MuZik - DataBase Download Mp3 MuZik - Database Disclosure My School Script - Data Base Download My School Script - Database Disclosure Azimut Technologie - Admin Login Bypass Azimut Technologie - Admin Authentication Bypass Auction_Software Script - Admin Login Bypass Auction_Software Script - Admin Authentication Bypass BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass DeluxeBB 1.3 - Private Info Disclosure DeluxeBB 1.3 - Private Information Disclosure Qcodo Development Framework 0.3.3 - Full Info Disclosure Qcodo Development Framework 0.3.3 - Full Information Disclosure CosmoQuest - Login Bypass CosmoQuest - Authentication Bypass PHProjekt 2.x/3.x - Login Bypass PHProjekt 2.x/3.x - Authentication Bypass MapInfo Discovery 1.0/1.1 - Administrative Login Bypass MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass Keyvan1 ImageGallery - Database Download Keyvan1 ImageGallery - 
Database Disclosure Simple File Manager 024 - Login Bypass Simple File Manager 024 - Authentication Bypass Adobe ColdFusion 9 - Administrative Login Bypass Adobe ColdFusion 9 - Administrative Authentication Bypass RASPcalendar 1.01 - [ASP] Admin Login RASPcalendar 1.01 (ASP) - Admin Login Zend-Framework - Full Info Disclosure Zend-Framework - Full Information Disclosure Simple E-document 1.31 - Login Bypass Simple E-document 1.31 - Authentication Bypass ZYXEL P-660HN-T1A Router - Login Bypass ZYXEL P-660HN-T1A Router - Authentication Bypass agXchange ESM - 'ucschcancelproc.jsp' Open redirection agXchange ESM - 'ucschcancelproc.jsp' Open Redirection ESRI ArcGIS for Server - 'where' Form Field SQL Injection ESRI ArcGIS for Server - 'where' Form SQL Injection ZTE ZXHN H108N Router - Unauthenticated Config Download ZTE ZXHN H108N Router - Unauthenticated Config Disclosure FS Car Rental Script - 'pickup_location' SQL Injection FS Amazon Clone - 'category_id' SQL Injection FS Book Store Script - 'category' SQL Injection FS Ebay Clone - 'pd_maincat_id' SQL Injection FS Food Delivery Script - 'keywords' SQL Injection FS Expedia Clone - 'hid' SQL Injection FS Freelancer Clone - 'sk' SQL Injection FS Groupon Clone - 'category' SQL Injection FS Indiamart Clone - 'keywords' SQL Injection FS Lynda Clone - 'category' SQL Injection FS OLX Clone - 'catg_id' SQL Injection
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating or displaying help, search terms will be ignored.
root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
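The matching rules from the help text (terms are ANDed, case-insensitive by default, `-t` restricts matching to the title, `-c` makes it case-sensitive, `--exclude` drops anything matching a `|`-separated pattern) are easy to misjudge when triaging results, so here is an added example, not code from the exploitdb project, that re-implements them in Python over a small constructed index. The column names `id`, `file` and `description` are assumed to follow the repository's `files.csv`; the sample rows reuse titles and paths from the output above.

```python
import csv
import io
import re

# Constructed sample in the assumed layout of files.csv (id,file,description);
# the real index carries more columns, which the search below ignores.
SAMPLE_CSV = """id,file,description
40564,platforms/win_x86/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
18755,platforms/windows/dos/18755.c,Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)
39446,platforms/win_x86/local/39446.py,Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
"""


def load_index(text):
    """Parse a files.csv-style index into a list of row dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows, terms, title_only=False, case_sensitive=False, exclude=None):
    """Return the rows whose title (or title plus path) contains every term.

    title_only mirrors -t, case_sensitive mirrors -c, and exclude mirrors
    --exclude: a regular expression where "|" chains alternatives, so the
    help example "(PoC)|/dos/" drops PoC titles and anything under a dos/ path.
    """
    flags = 0 if case_sensitive else re.IGNORECASE
    excl = re.compile(exclude, flags) if exclude else None
    hits = []
    for row in rows:
        # By default the file path is part of the haystack, which is why a
        # term like "local" also matches exploits filed under .../local/.
        haystack = row["description"] if title_only else f"{row['description']} {row['file']}"
        if not all(re.search(re.escape(t), haystack, flags) for t in terms):
            continue
        if excl and excl.search(haystack):
            continue
        hits.append(row)
    return hits


def search_ids(text, terms, **opts):
    """Convenience wrapper: run search() on CSV text and return matching EDB-IDs."""
    return [row["id"] for row in search(load_index(text), terms, **opts)]


if __name__ == "__main__":
    print(search_ids(SAMPLE_CSV, ["afd", "windows", "local"]))
    print(search_ids(SAMPLE_CSV, ["afd"], exclude="(PoC)|/dos/"))
```

Run against the real `files.csv` it gives the same EDB-IDs as `searchsploit --id` for the same terms, which makes it a handy way to check why an entry you expected did or did not show up.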
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function will require `git`, and the Nmap XML option will require `xmllint` (found in the `libxml2-utils` package on Debian-based systems).