12 new exploits

KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow
Apple iOS 4.0.3 - DPAP Server Denial of Service
KarjaSoft Sami FTP Server 2.02 - USER Overflow (Metasploit)
KarjaSoft Sami FTP Server 2.0.2 - USER Remote Buffer Overflow (Metasploit)
Freefloat FTP Server - (LIST command) Buffer Overflow
Freefloat FTP Server - 'LIST' Command Buffer Overflow
Freefloat FTP Server 1.00 - MKD Buffer Overflow
Freefloat FTP Server - MKD Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'MKD' Buffer Overflow
Freefloat FTP Server - 'MKD' Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - REST & PASV Buffer Overflow
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Buffer Overflow
Freefloat FTP Server - REST Buffer Overflow (Metasploit)
Freefloat FTP Server - 'REST' Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - ACCL Buffer Overflow
Freefloat FTP Server 1.0 - 'ACCL' Buffer Overflow
Nagios Plugin check_ups - Local Buffer Overflow (PoC)
Nagios Plugins check_ups - Local Buffer Overflow (PoC)
Joomla! Component KISS Advertiser - Remote File / Bypass Upload
Joomla! Component 'com_ksadvertiser' - Remote File / Bypass Upload
Joomla! Component OS Property 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection
Joomla! Extension Movm Extension (com_movm) - SQL Injection
Joomla! Component 'com_movm' - SQL Injection
Joomla! Component joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
Joomla! Component 'com_joomgalaxy' 1.2.0.4 - Multiple Vulnerabilities
Joomla! Component En Masse 1.2.0.4 - SQL Injection
Joomla! Component 'com_enmasse' 1.2.0.4 - SQL Injection
Joomla! Component FireBoard (com_fireboard) - SQL Injection
Joomla! Component 'com_fireboard' - SQL Injection
Joomla! Component Spider Calendar Lite (com_spidercalendar) - SQL Injection
Joomla! Component 'com_spidercalendar' - SQL Injection
Joomla! Component RokModule - 'index.php module Parameter' Blind SQL Injection
Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection
Joomla! Component iCagenda - (id Parameter) Multiple Vulnerabilities
Joomla! Component 'com_icagenda' - 'id' Parameter Multiple Vulnerabilities
Joomla! Component FreeStyle Support com_fss 1.9.1.1447 - SQL Injection
Joomla! Component Tags - 'index.php tag Parameter' SQL Injection
Joomla! Component 'com_fss' 1.9.1.1447 - SQL Injection
Joomla! Component 'com_tag' - 'tag' Parameter SQL Injection
Joomla! Plugin Commedia - 'index.php task Parameter' SQL Injection
Joomla! Component Kunena - 'index.php search Parameter' SQL Injection
Joomla! Component 'com_commedia' - 'task' Parameter SQL Injection
Joomla! Component 'com_kunena' - 'search' Parameter SQL Injection
Freefloat FTP Server - PUT Command Buffer Overflow
Freefloat FTP Server - 'PUT' Command Buffer Overflow
Joomla! Component Spider Catalog - 'index.php Product_ID Parameter' SQL Injection
Joomla! Component 'com_spidercatalog' - 'Product_ID' Parameter SQL Injection
Free Float FTP Server - USER Command Buffer Overflow
Freefloat FTP Server - 'USER' Command Buffer Overflow
Joomla! Component JooProperty 1.13.0 - Multiple Vulnerabilities
Joomla! Component 'com_jooproperty' 1.13.0 - Multiple Vulnerabilities
Joomla! Component Spider Calendar - 'index.php date Parameter' Blind SQL Injection
Joomla! Component 'com_spidercalendar' - 'date' Parameter Blind SQL Injection
Joomla! Component com_collector - Arbitrary File Upload
Joomla! Component 'com_collector' - Arbitrary File Upload
Freefloat FTP 1.0 - Raw Commands Buffer Overflow
Freefloat FTP Server 1.0 - 'Raw' Commands Buffer Overflow
Joomla! 3.0.2 - (highlight.php) PHP Object Injection
Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
Joomla! Component RSfiles - (cid parameter) SQL Injection
Joomla! Component 'com_rsfiles' - 'cid' Parameter SQL Injection
Joomla! Component CiviCRM 4.2.2 - Remote Code Injection
Joomla! Component 'com_civicrm' 4.2.2 - Remote Code Injection
Freefloat FTP 1.0 - DEP Bypass with ROP
Freefloat FTP Server 1.0 - DEP Bypass with ROP
Joomla! 3.0.3 - (remember.php) PHP Object Injection
Joomla! 3.0.3 - 'remember.php' PHP Object Injection
Joomla! Extension DJ Classifieds 2.0 - Blind SQL Injection
Joomla! Component 'dj-classifieds' 2.0 - Blind SQL Injection
Joomla! Component S5 Clan Roster com_s5clanroster - 'index.php id Parameter' SQL Injection
Joomla! Component 'com_s5clanroster' - 'id' Parameter SQL Injection
Joomla! Component Sectionex 2.5.96 - SQL Injection
Joomla! Component 'com_sectionex' 2.5.96 - SQL Injection
Joomla! Component redSHOP 1.2 - SQL Injection
Joomla! Component 'com_redshop' 1.2 - SQL Injection
Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)
Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)
Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service
check_dhcp - Nagios Plugins 2.0.1 - Arbitrary Option File Read
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read
check_dhcp 2.0.2 (Nagios Plugins) - Arbitrary Option File Read Race Condition
Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition
Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
Joomla! Component jFancy - 'script.php' Arbitrary File Upload
Joomla! Component 'IDoEditor' - 'image.php' Arbitrary File Upload
Joomla! Component 'mod_jfancy' - 'script.php' Arbitrary File Upload
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection
Joomla! Component com_szallasok - 'id' Parameter SQL Injection
Joomla! Component 'com_szallasok' - 'id' Parameter SQL Injection
Joomla! Module Language Switcher 2.5.x - Multiple Cross-Site Scripting Vulnerabilities
My Little Forum 2.3.7 - Multiple Vulnerabilities
Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion
Joomla! Component Odudeprofile - 'profession' Parameter SQL Injection
Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection
Joomla! Component com_photo - Multiple SQL Injections
Joomla! Component 'com_photo' - Multiple SQL Injections
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component Komento - 'cid' Parameter SQL Injection
Joomla! Component 'Komento' - 'cid' Parameter SQL Injection
Joomla! Component com_quiz - SQL Injection
Joomla! Component 'com_quiz' - SQL Injection
Joomla! Component com_parcoauto - 'idVeicolo' Parameter SQL Injection
Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component ZT Autolinks - 'Controller' Parameter Local File Inclusion
Joomla! Component Bit - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_ztautolink' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_bit' - 'Controller' Parameter Local File Inclusion
Joomla! Component Incapsula - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_incapsula' - Multiple Cross-Site Scripting Vulnerabilities
Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Joomla! Component RokDownloads - Arbitrary File Upload
Joomla! Component 'com_rokdownloads' - Arbitrary File Upload
Apple Intel HD 3000 Graphics driver 10.0.0 - Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Privilege Escalation
MyLittleForum 2.3.5 - PHP Command Injection
My Little Forum 2.3.5 - PHP Command Injection
Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
OS X/iOS Kernel - IOSurface Use-After-Free
OS X/iOS - mach_ports_register Multiple Memory Safety Issues
Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free
Apple OS X/iOS - Kernel IOSurface Use-After-Free
Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues
MacOS 10.12 - 'task_t' Privilege Escalation
Apple MacOS 10.12 - 'task_t' Privilege Escalation
Freefloat FTP Server 1.0 - 'ABOR' Command Buffer Overflow
School Registration and Fee System - Authentication Bypass
Freefloat FTP Server 1.0 - 'RMD' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Command Buffer Overflow
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
Freefloat FTP Server 1.0 - 'RENAME' Command Buffer Overflow
MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition
MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
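For patch-prioritisation or asset-exposure tracking it helps to turn the search table shown above into structured records. The filter below is an added example, not part of the Exploit Database repository or of searchsploit itself; the function names are this example's own, the sample rows are copied from the session above, and the URL form is assumed from the `-p 39446` output.

```bash
#!/usr/bin/env bash
# Added example, not part of searchsploit: parse its table output into TSV.

# Rows copied from the "searchsploit afd windows local" session on this page.
sample_output() {
cat <<'EOF'
------------------------------------------------------------------ ------------------
 Exploit Title                                                    |  Path
                                                                  | (/usr/share/exploitdb/platforms)
------------------------------------------------------------------ ------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
------------------------------------------------------------------ ------------------
EOF
}

# stdin: searchsploit table; stdout: EDB-ID, platform, type, URL, title (TSV).
parse_searchsploit() {
  awk -F'|' '
    NF < 2 { next }                        # separator lines carry no pipe
    {
      path = $NF                           # the path is the last column
      title = $0
      sub(/\|[^|]*$/, "", title)           # keep pipes that occur inside a title
      gsub(/^[ \t]+|[ \t]+$/, "", path)
      gsub(/^[ \t]+|[ \t]+$/, "", title)
      n = split(path, p, "/")              # expected: ./platform/type/ID.ext
      if (n != 4 || p[1] != "." || p[4] !~ /^[0-9]+\.[A-Za-z0-9]+$/) next
      id = p[4]
      sub(/\..*$/, "", id)                 # drop the file extension
      # Assumption: URL form taken from the "-p 39446" output on this page.
      printf "%s\t%s\t%s\thttps://www.exploit-db.com/exploits/%s/\t%s\n",
             id, p[2], p[3], id, title
    }'
}

# Count parsed records per exploit type (local, dos, ...), sorted by name.
count_by_type() {
  cut -f3 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

sample_output | parse_searchsploit
```

When feeding real output into `parse_searchsploit`, pass `--colour` (which, per the help text, disables colour highlighting) so that highlight escape codes do not end up in the parsed fields.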
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).