A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 8a72733f20 DB: 2016-11-12
1 new exploits

PunBB 2.0.10 - (Register Multiple Users) Denial of Service
PunBB 2.0.10 - (Register Multiple Users) Denial Of Service

QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities
QuickTime 7.4.1 - 'QTPlugin.ocx' Multiple Stack Overflow Vulnerabilities

Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC)
Apple iTunes 8.0.2.20/QuickTime 7.5.5 - '.mov' Multiple Off By Overflow (PoC)

Apple QuickTime - MOV File Parsing Memory Corruption
Apple QuickTime - '.mov' Parsing Memory Corruption

Apple QuickTime - (rtsp URL Handler) Stack Buffer Overflow
Apple QuickTime - 'rtsp URL Handler' Stack Buffer Overflow
Apple QuickTime (Windows 2000) - (rtsp URL Handler) Buffer Overflow
Apple QuickTime 7.1.3 - (HREFTrack) Cross-Zone Scripting Exploit
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Buffer Overflow
Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting

Citrix Presentation Server Client - WFICA.OCX ActiveX Heap Buffer Overflow
Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow

Philips VOIP841 - (Firmware 1.0.4.800) Multiple Vulnerabilities
Philips VOIP841 'Firmware 1.0.4.800' - Multiple Vulnerabilities

Ourgame GLWorld 2.x - hgs_startNotify() ActiveX Buffer Overflow
Ourgame GLWorld 2.x - 'hgs_startNotify()' ActiveX Buffer Overflow

Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow

PunBB 1.2.4 - (change_email) SQL Injection
PunBB 1.2.4 - 'id' Parameter SQL Injection

PHP Live Helper 1.x - 'abs_path' Remote File Inclusion
PHP Live Helper 1.x - 'abs_path' Parameter Remote File Inclusion

PHP Live! 3.2.1 - (help.php) Remote File Inclusion
PHP Live! 3.2.1 - 'help.php' Remote File Inclusion

PHP Live Helper 2.0 - 'abs_path' Remote File Inclusion
PHP Live Helper 2.0 - 'abs_path' Parameter Remote File Inclusion

nuBoard 0.5 - (index.php site) Remote File Inclusion
nuBoard 0.5 - 'site' Parameter Remote File Inclusion

vKios 2.0.0 - (products.php cat) SQL Injection
vKios 2.0.0 - 'cat' Parameter SQL Injection

Joomla! Component xfaq 1.2 - (aid) SQL Injection
Joomla! Component xfaq 1.2 - 'aid' Parameter SQL Injection

nuBoard 0.5 - (threads.php ssid) SQL Injection
nuBoard 0.5 - 'ssid' Parameter SQL Injection
Joomla! Component paxxgallery 0.2 - (iid) SQL Injection
Joomla! Component MCQuiz 0.9 Final - (tid) SQL Injection
Joomla! Component Quiz 0.81 - (tid) SQL Injection
Joomla! Component mediaslide (albumnum) - Blind SQL Injection
LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion
Joomla! Component paxxgallery 0.2 - 'iid' Parameter SQL Injection
Joomla! Component MCQuiz 0.9 Final - 'tid' Parameter SQL Injection
Joomla! Component Quiz 0.81 - 'tid' Parameter SQL Injection
Joomla! Component mediaslide - 'albumnum' Blind SQL Injection
LookStrike Lan Manager 0.9 - Remote / Local File Inclusion

PHP Live! 3.2.2 - (questid) SQL Injection (1)
PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (1)

Mambo Component Quran 1.1 - (surano) SQL Injection
Mambo Component Quran 1.1 - 'surano' Parameter SQL Injection

Simple CMS 1.0.3 - (indexen.php area) SQL Injection
Simple CMS 1.0.3 - 'area' Parameter SQL Injection

XPWeb 3.3.2 - (download.php url) Remote File Disclosure
XPWeb 3.3.2 - 'url' Parameter Remote File Disclosure
Joomla! Component com_pccookbook - (user_id) SQL Injection
Joomla! Component com_clasifier - 'cat_id' SQL Injection
PHP-Nuke Module books SQL - 'cid' SQL Injection
XOOPS Module myTopics - 'articleId' SQL Injection
Joomla! Component com_pccookbook - 'user_id' Parameter SQL Injection
Joomla! Component com_clasifier - 'cat_id' Parameter SQL Injection
PHP-Nuke Module books SQL - 'cid' Parameter SQL Injection
XOOPS Module myTopics - 'articleId' Parameter SQL Injection
PHP-Nuke Module Sections - (artid) SQL Injection
PHP-Nuke Module EasyContent - (page_id) SQL Injection
RunCMS Module MyAnnonces - 'cid' SQL Injection
XOOPS Module eEmpregos - 'cid' SQL Injection
XOOPS Module Classifieds - 'cid' SQL Injection
PHP-Nuke Modules Okul 1.0 - (okulid) SQL Injection
Joomla! Component com_hwdvideoshare - SQL Injection
PHP-Nuke Module Docum - (artid) SQL Injection
Globsy 1.0 - (file) Remote File Disclosure
PHP-Nuke Module Inhalt - 'cid' SQL Injection
PHP-Nuke Module Sections - 'artid' Parameter SQL Injection
PHP-Nuke Module EasyContent - 'page_id' Parameter SQL Injection
RunCMS Module MyAnnonces - 'cid' Parameter SQL Injection
XOOPS Module eEmpregos - 'cid' Parameter SQL Injection
XOOPS Module Classifieds - 'cid' Parameter SQL Injection
PHP-Nuke Modules Okul 1.0 - 'okulid' Parameter SQL Injection
Joomla! Component Highwood Design hwdVideoShare - SQL Injection
PHP-Nuke Module Docum - 'artid' Parameter SQL Injection
Globsy 1.0 - 'file' Parameter Remote File Disclosure
PHP-Nuke Module Inhalt - 'cid' Parameter SQL Injection

Joomla! Component paxxgallery 0.2 - (gid) Blind SQL Injection
Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection

Pre Simple CMS - (Authentication Bypass) SQL Injection
Pre Simple CMS - SQL Injection (Authentication Bypass)

Joomla! Component com_pccookbook - (recipe_id) Blind SQL Injection
Joomla! Component com_pccookbook - 'recipe_id' Parameter Blind SQL Injection

PHP Live! 3.2.1/2 - '&x=' Blind SQL Injection
PHP Live! 3.2.1/2 - 'x' Parameter Blind SQL Injection

PHP Live! 3.2.2 - (questid) SQL Injection (2)
PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (2)

PunBB Automatic Image Upload 1.3.5 - Delete Arbitrary File Exploit
PunBB Automatic Image Upload 1.3.5 - Arbitrary File Delete

Really Simple CMS 0.3a - (pagecontent.php PT) Local File Inclusion
Really Simple CMS 0.3a - 'PT' Parameter Local File Inclusion

Simple CMS Framework 1.0 - (page) SQL Injection
Simple CMS Framework 1.0 - 'page' Parameter SQL Injection

PHP Live! 3.3 - (deptid) SQL Injection
PHP Live! 3.3 - 'deptid' Parameter SQL Injection

Getsimple CMS 2.01 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Getsimple CMS 2.01 - Multiple Vulnerabilities

GNUBoard 4.33.02 - tp.php PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection

auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities

PunBB 1.x - profile.php User Profile Edit Module SQL Injection
PunBB 1.x - 'profile.php' User Profile Edit Module SQL Injection

PunBB 1.2.x - search.php SQL Injection
PunBB 1.2.x - 'search.php' SQL Injection

PHP Live! 3.0 - Status_Image.php Cross-Site Scripting

PHP Live Helper 2.0 - chat.php Cross-Site Scripting
PHP Live! 3.2.2 - setup/transcripts.php search_string Parameter Cross-Site Scripting
PHP Live! 3.2.2 - 'index.php' l Parameter Cross-Site Scripting
PHP Live! 3.2.2 - PHPlive/message_box.php Multiple Parameter Cross-Site Scripting
artmedic weblog - artmedic_print.php date Parameter Cross-Site Scripting
artmedic weblog - 'index.php' jahrneu Parameter Cross-Site Scripting

PunBB 1.2.x - 'p' Parameter Multiple Cross-Site Scripting Vulnerabilities

PunBB 1.3 - 'viewtopic.php' Cross-Site Scripting
InvoicePlane 1.4.8 - Password Reset

Getsimple CMS 2.01 - admin/template/error_checking.php Multiple Parameter Cross-Site Scripting

Getsimple CMS 2.01 - 'admin/changedata.php' Cross-Site Scripting
Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting

Getsimple CMS 2.03 - 'admin/upload-ajax.php' Arbitrary File Upload
Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload

PunBB 1.3.6 - 'browse.php' Cross-Site Scripting
Getsimple CMS 3.1 - admin/theme.php err Parameter Reflected Cross-Site Scripting
Getsimple CMS 3.1 - admin/pages.php error Parameter Reflected Cross-Site Scripting
Getsimple CMS 3.1 - admin/index.php Multiple Parameter Reflected Cross-Site Scripting
Getsimple CMS 3.1 - admin/upload.php path Parameter Cross-Site Scripting
Getsimple CMS - /admin/edit.php Multiple Parameter Cross-Site Scripting
Getsimple CMS - /admin/filebrowser.php Multiple Parameter Cross-Site Scripting
2016-11-12 05:01:20 +00:00
platforms DB: 2016-11-12 2016-11-12 05:01:20 +00:00
files.csv DB: 2016-11-12 2016-11-12 05:01:20 +00:00
README.md Note about dependencies 2016-10-26 16:44:58 +01:00
searchsploit Code cleanup - adds comments & formatting 2016-11-07 12:24:58 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.
root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).