The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).
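
The following is an added example, not part of the Exploit Database repository: it parses the results table printed by `searchsploit afd windows local` above into records, so each hit can be tied to the Microsoft bulletin to verify on affected hosts, and so rows that matched a term only through the title (the false positives the Notes mention) can be filtered by the directory in the path. The rows are copied from the sample output on this page; the function names and regular expressions are assumptions of this example.

```python
import re

# Constructed sample: header, rule and result lines copied from the output shown on this page.
SAMPLE = """\
--------------------------------------------------------- ------------------
 Exploit Title | Path
 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------- ------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
"""

# A result row is "<title> | ./<platform>/<type>/<EDB-ID>.<ext>"; headers and rules do not match.
ROW = re.compile(
    r"^\s*(?P<title>.+?)\s+\|\s+\./(?P<platform>[^/]+)/(?P<type>[^/]+)/(?P<edb>\d+)\.(?P<ext>\w+)\s*$"
)
BULLETIN = re.compile(r"\bMS\d{2}-\d{3}\b")  # Microsoft bulletin IDs such as MS14-040


def parse_results(text):
    """Return one dict per result row, with EDB-ID and bulletin IDs extracted."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or prompt line
        rec = m.groupdict()
        rec["edb_id"] = int(rec.pop("edb"))
        rec["bulletins"] = BULLETIN.findall(rec["title"])
        rows.append(rec)
    return rows


def patch_checklist(rows):
    """Group EDB-IDs by bulletin; rows naming no bulletin are listed under 'unmapped'."""
    checklist = {}
    for rec in rows:
        for key in rec["bulletins"] or ["unmapped"]:
            checklist.setdefault(key, []).append(rec["edb_id"])
    return checklist


if __name__ == "__main__":
    for bulletin, ids in sorted(patch_checklist(parse_results(SAMPLE)).items()):
        print(bulletin, ids)
```

Entry 17133 sits under `dos`, not `local`: it matched the term `local` through its title, which is why filtering on the parsed `type` field is more reliable than the search terms alone.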