The Exploit-Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]
  Example:
    searchsploit afd windows local
    searchsploit -t oracle windows

=========
 Options
=========
   -c, --case     Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help     Show this help screen.
   -o, --overflow Exploit title's are allowed to overflow their columns.
   -p, --path     Show the full path to an exploit (Copies path to clipboard if possible).
   -t, --title    Search just the exploit title (Default is title AND the file's path).
   -u, --update   Update exploit database from git.
   -w, --www      Show URLs to Exploit-DB.com rather than local path.
       --colour   Disable colour highlighting.
       --id       Display EDB-ID value rather than local path.

=======
 Notes
=======
 * Use any number of search terms.
 * Search terms are not case sensitive, and order is irrelevant.
 * Use '-c' if you wish to reduce results by case-sensitive searching.
 * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
 * Remove false positives (especially when searching numbers/major versions).
 * When updating from git or displaying help, search terms will be ignored.
```
```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin)      | ./windows/local/6757.txt
Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit                          | ./windows/dos/17133.c
Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080)                  | ./windows/local/21844.rb
Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)     | ./win32/local/39446.py
Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040)                | ./win64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```
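The matching rules described in the option list and notes above (AND across any number of terms, case-insensitive by default, title plus path unless `-t`, `-c` for case sensitivity, `-e` for an exact title phrase) are reimplemented below as an added Python example. It is not the repository's own `searchsploit` script. The index it reads is a reduced three-column CSV layout (id, file, description) constructed for this example; the real `files.csv` column layout is not shown on this page. The six AFD rows reproduce the page's own sample output, the last row is a constructed placeholder, and treating `-e` as "the terms joined by spaces must appear as one contiguous phrase in the title" is this example's interpretation of the help text.

```python
"""Minimal re-implementation of the documented searchsploit matching rules (added example)."""
import csv
import io

# Constructed sample index. searchsploit reads files.csv from the repository; its
# real column layout is not on the page, so this reduced id,file,description
# layout is an assumption made for the example. The six AFD rows are taken from
# the page's "searchsploit afd windows local" output; the last row is made up.
SAMPLE_CSV = """id,file,description
6757,./windows/local/6757.txt,Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin)
17133,./windows/dos/17133.c,Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit
18176,./windows/local/18176.py,Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)
21844,./windows/local/21844.rb,Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080)
39446,./win32/local/39446.py,Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)
39525,./win64/local/39525.py,Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040)
00000,./linux/local/00000.c,Constructed placeholder entry - Local Privilege Escalation (no matching vendor)
"""


def load_index(text=SAMPLE_CSV):
    """Parse the CSV index into a list of dict rows (id, file, description)."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows, terms, title_only=False, case_sensitive=False, exact=False):
    """Return the rows matching every term (AND), preserving index order.

    default        -> each term must appear in the title OR the file path
    title_only     -> -t: only the title is searched
    case_sensitive -> -c: no case folding
    exact          -> -e: terms joined by spaces must appear as one contiguous
                      phrase in the title (implies -t); this is the example's
                      reading of the help text, not a guaranteed match of the script
    """
    fold = (lambda s: s) if case_sensitive else str.lower
    if exact:
        title_only = True
        needles = [fold(" ".join(terms))]
    else:
        needles = [fold(t) for t in terms]
    hits = []
    for row in rows:
        haystack = row["description"] if title_only else row["description"] + " " + row["file"]
        haystack = fold(haystack)
        if all(n in haystack for n in needles):
            hits.append(row)
    return hits


def ids(hits):
    """EDB-IDs of a result list, in order (what --id would print)."""
    return [h["id"] for h in hits]


def render(hits):
    """Two-column listing in the style of the searchsploit output above."""
    width = max((len(h["description"]) for h in hits), default=13)
    lines = [f"{'Exploit Title':<{width}} | Path", "-" * (width + 3 + 34)]
    for h in hits:
        lines.append(f"{h['description']:<{width}} | {h['file']}")
    return "\n".join(lines)


if __name__ == "__main__":
    rows = load_index()
    print(render(search(rows, ["afd", "windows", "local"])))
    print("\n-t (title only):", ids(search(rows, ["afd", "windows", "local"], title_only=True)))
    print("-c AFD.SYS:", ids(search(rows, ["AFD.SYS"], case_sensitive=True)))
    print("-e afd.sys privilege escalation:", ids(search(rows, ["afd.sys", "privilege", "escalation"], exact=True)))
    # Bare numbers hit EDB-ID digits inside the file path: the false-positive
    # case the notes warn about. -t drops the path and removes those hits.
    print("bare '7':", ids(search(rows, ["7"])), "-> with -t:", ids(search(rows, ["7"], title_only=True)))
```

Running the block reproduces the six-row AFD table, then shows why the notes tell you to watch for false positives when searching numbers: the bare term `7` matches `6757`, `17133` and `18176` only because those digits appear in the file path, and restricting the search to titles with `-t` leaves just the entry for Windows 7.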