The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title                                                                  | Path
                                                                               | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)          | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)          | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)              | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)          | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
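The matching rules in the Notes above can be modelled in a few lines of shell. This is an added example, not searchsploit's own code: it shows why a version number used as a search term produces false positives unless the search is restricted to titles. The `search` helper and its `all`/`title` modes are names assumed for this sketch, and the rows are the six sample results shown above.

```shell
#!/bin/sh
# Added illustration, not searchsploit's own code. ROWS is a constructed
# sample: the six "title | path" results from the session above.
ROWS="Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py"

# search MODE TERM...   (hypothetical helper)
#   MODE=all   -> match against title and path (the default behaviour)
#   MODE=title -> match against the title only (what -t does)
# Every term must match (AND), case-insensitively, in any order.
search() {
    mode=$1
    shift
    printf '%s\n' "$ROWS" | while IFS= read -r row; do
        hay=$row
        if [ "$mode" = title ]; then
            hay=${row%% | *}        # drop the " | path" column
        fi
        ok=1
        for term in "$@"; do
            if ! printf '%s\n' "$hay" | grep -qiF -- "$term"; then
                ok=0
                break
            fi
        done
        if [ "$ok" -eq 1 ]; then
            printf '%s\n' "$row"
        fi
    done
}

# "7" is meant as the Windows version, but by default it also matches the
# digits inside EDB-ID file names such as 6757.txt or 17133.c.
echo "default search for: windows 7"
search all windows 7
echo "title-only search for: windows 7"
search title windows 7
```

The default search returns four rows, three of them only because a 7 appears in the file name; the title-only search returns the single Windows 7 entry.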
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).