The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.
root@kali:~#
```
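The matching rules described in the help text above (terms ANDed, case-insensitive by default, title-plus-path unless `-t`, `-e` as an exact title phrase, `--exclude` as a `|`-chained pattern) can be approximated offline over the `files.csv` index that ships with the repository. The following is an added example, not searchsploit's own code; the index excerpt is constructed from the titles and paths shown in this README, and its date/author columns are placeholders.

```python
import csv
import io
import re

# Constructed excerpt in the column layout of files.csv (id,file,description,date,author,platform,type,port).
# Titles and paths are the ones in this README's example output; "n/a" fields are placeholders.
FILES_CSV = """\
id,file,description,date,author,platform,type,port
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service,n/a,n/a,windows,dos,0
18755,platforms/windows/dos/18755.c,Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046),n/a,n/a,windows,dos,0
18176,platforms/windows/local/18176.py,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080),n/a,n/a,windows,local,0
39446,platforms/win_x86/local/39446.py,Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040),n/a,n/a,win_x86,local,0
"""


def search(terms, csv_text=FILES_CSV, title_only=False, case=False, exact=False, exclude=None):
    """Approximate searchsploit's matching rules on a files.csv-style index.

    - every term must match (AND), case-insensitively unless case=True (-c)
    - terms are matched against title AND path, or title only with title_only (-t)
    - exact=True (-e) treats the joined terms as one phrase and implies title-only
    - exclude is a '|'-separated pattern, as in --exclude="term1|term2"
    Returns a list of (edb_id, title, path) tuples in index order.
    """
    flags = 0 if case else re.IGNORECASE
    drop = re.compile(exclude, flags) if exclude else None
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        title, path = row["description"], row["file"]
        haystack = title if (title_only or exact) else f"{title} {path}"
        if exact:
            matched = re.search(re.escape(" ".join(terms)), haystack, flags) is not None
        else:
            matched = all(re.search(re.escape(t), haystack, flags) for t in terms)
        # the exclusion pattern is applied here to the whole result line (title and path)
        if matched and not (drop and drop.search(f"{title} {path}")):
            hits.append((row["id"], title, path))
    return hits


def exploit_url(edb_id):
    """The -w/--www form of a result: the Exploit-DB page for an EDB-ID."""
    return f"https://www.exploit-db.com/exploits/{edb_id}/"


if __name__ == "__main__":
    # same query as the README example, with the PoC and DoS entries filtered out
    for edb_id, title, path in search(["afd", "windows", "local"], exclude="(PoC)|/dos/"):
        print(f"{edb_id:>6}  {title}\n        {path}  {exploit_url(edb_id)}")
```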
```
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
  Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
      URL: https://www.exploit-db.com/exploits/39446/
     Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).