Repository contents: platforms, files.csv, README.md, searchsploit
The Exploit-Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]
Example:
  searchsploit afd windows local
  searchsploit -t oracle windows

=========
 Options
=========
   -c, --case      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact     Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help      Show this help screen.
   -o, --overflow  Exploit title's are allowed to overflow their columns.
   -p, --path      Show the full path to an exploit (Copies path to clipboard if possible).
   -t, --title     Search just the exploit title (Default is title AND the file's path).
   -u, --update    Update exploit database from git.
   -w, --www       Show URLs to Exploit-DB.com rather than local path.
       --id        Display EDB-ID value rather than local path.
       --colour    Disable colour highlighting.

=======
 Notes
=======
 * Use any number of search terms.
 * Search terms are not case sensitive, and order is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching numbers/major versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin)      | ./windows/local/6757.txt
Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit                          | ./windows/dos/17133.c
Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080)                  | ./windows/local/21844.rb
Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)     | ./win32/local/39446.py
Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040)                | ./win64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```