A mirror of the GitLab repo: https://gitlab.com/exploit-database/exploitdb
Offensive Security 5dc941e36b DB: 2016-12-06
5 new exploits

Foxit Reader 4.1.1 - Stack Overflow (Egghunter Mod)
Foxit Reader 4.1.1 - Stack Overflow (Egghunter)

iSQL 1.0 - Shell Command Injection
iSQL 1.0 - Command Injection
Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection
Microsoft Excel Starter 2010 - XML External Entity Injection
Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection

Samba 2.2.x - Remote Root Buffer Overflow
Samba 2.2.x - Buffer Overflow
PoPToP PPTP 1.1.4-b3 - Remote Root Exploit
Snort 1.9.1 - 'p7snort191.sh' Remote Root Exploit
PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit
PoPToP PPTP 1.1.4-b3 - Remote Command Execution
Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution
PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution

Sendmail 8.12.8 - Prescan() BSD Remote Root Exploit
Sendmail 8.12.8 - Prescan() BSD Remote Command Execution

WsMp3d 0.x - Remote Root Heap Overflow
WsMp3d 0.x - Heap Overflow

Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit
Atftpd 0.6 - 'atftpdx.c' Remote Command Execution

Samba 2.2.8 - (Brute Force Method) Remote Root Exploit
Samba 2.2.8 - (Brute Force Method) Remote Command Execution

WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit
WU-FTPD 2.6.2 - Off-by-One Remote Command Execution

WU-FTPD 2.6.2 - Remote Root Exploit
WU-FTPD 2.6.2 - Remote Command Execution

WU-FTPD 2.6.0 - Remote Root Exploit
WU-FTPD 2.6.0 - Remote Command Execution

LPRng 3.6.22/23/24 - Remote Root Exploit
LPRng 3.6.22/23/24 - Remote Command Execution

LPRng 3.6.24-1 - Remote Root Exploit
LPRng 3.6.24-1 - Remote Command Execution
WU-FTPD 2.6.1 - Remote Root Exploit
SSH (x2) - Remote Root Exploit
WU-FTPD 2.6.1 - Remote Command Execution
SSH (x2) - Remote Command Execution

BSD TelnetD - Remote Root Exploit (1)
BSD TelnetD - Remote Command Execution (1)

Sendmail with clamav-milter < 0.91.2 - Remote Root Exploit
Sendmail with clamav-milter < 0.91.2 - Remote Command Execution

ProFTPd IAC 1.3.x - Remote Root Exploit
ProFTPd IAC 1.3.x - Remote Command Execution

Exim 4.63 - Remote Root Exploit
Exim 4.63 - Remote Command Execution

Splunk - Remote Root Exploit
Splunk - Remote Command Execution

FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
FreeBSD OpenSSH 3.5p1 - Remote Command Execution

HP Data Protector (Linux) - Remote Root Shell
HP Data Protector (Linux) - Remote Command Execution

FreeBSD ftpd and ProFTPd on FreeBSD - Remote Root Exploit
FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Root Remote Code Execution)
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution)

BSD TelnetD - Remote Root Exploit (2)
BSD TelnetD - Remote Command Execution (2)

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Root Remote Code Execution)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution)

Sendmail 8.6.9 IDENT - Remote Root Exploit
Sendmail 8.6.9 IDENT - Remote Command Execution

Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Shell
Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Exploit

ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/root SQL Injection
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection

H-Sphere Webshell 2.4 - Remote Root Exploit
H-Sphere Webshell 2.4 - Remote Command Execution

MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit
MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution

Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution
Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution

Allied Telesis AT-MCF2000M 3.0.2 - Gaining Root Shell Access
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution

Novell NCP - Unauthenticated Remote Root Exploit
Novell NCP - Unauthenticated Remote Command Execution

Seowonintech Devices - Remote Root Exploit
Seowonintech Devices - Remote Command Execution

ASUS RT-AC66U - acsd Parameter Remote Root Shell
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution

ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)
ASUS RT-N56U - Remote Buffer Overflow (ROP)

NovaSTOR NovaNET 12.0 - Remote Root Exploit
NovaSTOR NovaNET 12.0 - Remote Command Execution

ALCASAR 2.8 - Remote Root Code Execution
ALCASAR 2.8 - Remote Code Execution

F5 iControl - Remote Root Command Execution (Metasploit)
F5 iControl - Remote Command Execution (Metasploit)

Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)

Seagate Central 2014.0410.0026-F - Remote Root Exploit
Seagate Central 2014.0410.0026-F - Remote Command Execution

Proxmox VE 3/4 - Insecure Hostname Checking Remote Root Exploit
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution

Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
Alcatel Lucent Omnivista 8770 - Remote Code Execution

Windows x86 - Password Protected TCP Bind Shell (637 bytes)
Windows x86 - Password Protected TCP Bind Shellcode (637 bytes)

Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows x86 - URLDownloadToFileA() / SetFileAttributesA() / WinExec() / ExitProcess() Shellcode (394 bytes)

Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes)

Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86 - NetCat Bind Shell with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)

Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Root Exploit
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Command Execution

SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Root/SYSTEM Exploit
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution

D-Link DSR Router Series - Remote Root Shell
D-Link DSR Router Series - Remote Command Execution

Alacate-Lucent OmniVista 4760 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities

ALCASAR 2.8.1 - Remote Root Code Execution
ALCASAR 2.8.1 - Remote Code Execution

SevOne NMS 5.3.6.0 - Remote Root Exploit
SevOne NMS 5.3.6.0 - Remote Command Execution

Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution

NUUO NVRmini 2 3.0.8 - Remote Root Exploit
NUUO NVRmini 2 3.0.8 - Remote Code Execution

EyeLock nano NXT 3.5 - Remote Root Exploit
EyeLock nano NXT 3.5 - Remote Code Execution

InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution
InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution
2016-12-06 05:01:19 +00:00
platforms DB: 2016-12-06 2016-12-06 05:01:19 +00:00
files.csv DB: 2016-12-06 2016-12-06 05:01:19 +00:00
README.md DB: 2016-11-28 2016-11-28 05:01:17 +00:00
searchsploit Code cleanup - adds comments & formatting 2016-11-07 12:24:58 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.
root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).