The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
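The matching rules listed in the Notes (every term must match, case is ignored, term order is irrelevant, and -t limits matching to the title) can be modelled in a few lines of shell. This is an added example, not searchsploit's own code: the rows are a constructed sample built from the search output shown above, and the function names search_rows and count_rows are hypothetical.

```sh
#!/bin/sh
# Model of the documented matching rules; not the searchsploit implementation.

# Constructed sample: "path|title" pairs copied from the output shown above.
sample_rows() {
cat <<'EOF'
./windows/dos/17133.c|Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
./windows/local/6757.txt|Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
./windows/local/18176.py|Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
./windows/local/21844.rb|Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)
./win_x86/local/39446.py|Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
./win_x86-64/local/39525.py|Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)
./windows/local/40564.c|Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
EOF
}

# search_rows MODE TERM...
#   MODE=all   : each term is looked up in title and path (the documented default)
#   MODE=title : each term is looked up in the title only (documented -t behaviour)
# Prints the path of every row that contains all terms, ignoring case.
search_rows() {
    mode=$1; shift
    rows=$(sample_rows)
    for term in "$@"; do
        # Keep only the rows that contain this term; repeating per term gives AND.
        rows=$(printf '%s\n' "$rows" | awk -F'|' -v t="$term" -v m="$mode" '
            { hay = (m == "title") ? $2 : $2 " " $1 }
            index(tolower(hay), tolower(t)) > 0')
    done
    printf '%s\n' "$rows" | awk -F'|' 'NF == 2 { print $1 }'
}

# count_rows MODE TERM... : number of matching rows.
count_rows() {
    search_rows "$@" | wc -l | tr -d ' '
}

# Default mode: "local" is satisfied by the path for most rows.
echo "all   afd windows local -> $(count_rows all afd windows local) rows"
# Title-only: just the row whose title itself contains "Local".
echo "title afd windows local -> $(count_rows title afd windows local) rows"
# Numeric term: "64" also hits the EDB-ID inside the filename 40564.c,
# the kind of false positive the Notes say -t removes.
echo "all   64 -> $(count_rows all 64) rows, title 64 -> $(count_rows title 64) rows"
```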