The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
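As an added illustration (not code from the exploitdb project), the following Python sketch models the matching rules the help text and notes above describe: every term must match (AND), matching is case-insensitive unless `-c` is given, `-t` restricts matching to the title instead of title plus path, and `-e` treats the terms as one exact phrase. The index rows are the ones from the sample `searchsploit afd windows local` session above; the function names and the reading of `-e` as a phrase match are my own assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    title: str
    path: str   # relative to /usr/share/exploitdb/platforms, as in the sample output


# Constructed index: the seven rows printed by the sample session on this page.
INDEX = [
    Entry("Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service", "./windows/dos/17133.c"),
    Entry("Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)", "./windows/local/6757.txt"),
    Entry("Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)", "./windows/local/18176.py"),
    Entry("Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)", "./windows/local/21844.rb"),
    Entry("Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)", "./win_x86/local/39446.py"),
    Entry("Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)", "./win_x86-64/local/39525.py"),
    Entry("Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)", "./windows/local/40564.c"),
]


def search(terms, case=False, title_only=False, exact=False):
    """Return the entries matching the terms, mimicking the searchsploit options.

    case       -> -c: case-sensitive comparison (default is insensitive)
    title_only -> -t: match against the title only, not title plus path
    exact      -> -e: the terms form one contiguous phrase in the title (implies -t);
                  this phrase reading of "EXACT match" is an assumption
    """
    if exact:
        title_only = True
    fold = (lambda s: s) if case else str.lower
    hits = []
    for e in INDEX:
        haystack = fold(e.title) if title_only else fold(e.title + " " + e.path)
        if exact:
            ok = fold(" ".join(terms)) in haystack
        else:
            ok = all(fold(t) in haystack for t in terms)   # AND over all terms
        if ok:
            hits.append(e)
    return hits


def edb_id(entry):
    """The EDB-ID is the numeric file stem, e.g. ./win_x86/local/39446.py -> 39446."""
    m = re.search(r"/(\d+)\.[A-Za-z0-9]+$", entry.path)
    return int(m.group(1)) if m else None


def path_for(eid, base="/usr/share/exploitdb/platforms"):
    """Like `searchsploit -p`: resolve an EDB-ID to its full local path."""
    for e in INDEX:
        if edb_id(e) == eid:
            return base + e.path[1:]   # drop the leading "." of "./..."
    return None
```

Running `search(["afd", "windows", "local"])` reproduces all seven rows of the sample session, while adding `title_only=True` keeps only the first row, whose title itself contains "Local".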
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).