A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb

Find a file

Offensive Security d4e17b950d DB: 2017-10-05 9 new exploits FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service) FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC) SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC) Minix 3.1.2a - tty panic Local Denial of Service Minix 3.1.2a - tty panic Remote Denial of Service Minix 3.1.2a - Local TTY Panic (Denial of Service) Minix 3.1.2a - Remote TTY Panic (Denial of Service) Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service) QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service) FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service) FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2) Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2) Apple Mac OSX < 10.6.7 - Kernel Panic Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service) genstat 14.1.0.5943 - Multiple Vulnerabilities GenStat 14.1.0.5943 - Multiple Vulnerabilities FreeBSD 3.0 - UNIX-domain Panic (Denial of Service) Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service) Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service) OpenBSD 5.5 - Local Kernel Panic OpenBSD 5.5 - Local Kernel Panic (Denial of Service) OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service) FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2) Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation FreeBSD TOP - Format String FreeBSD /usr/bin/top - Format String Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation Qpopper 4.0.8 (FreeBSD) - Privilege Escalation Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation FreeBSD 3.0 - UNIX-domain panic FreeBSD 3.5/4.x - top Format String FreeBSD 3.5/4.x /usr/bin/top - Format String OpenBSD 5.6 - Multiple Local Kernel Panics Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation DiskBoss Enterprise 8.4.16 - Local Buffer Overflow Microsoft Windows - RPC Locator Service Remote Exploit Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit Microsoft Windows - SMB Authentication Remote Exploit Microsoft Windows 2000/XP - SMB Authentication Remote Exploit Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit Winmail Mail Server 2.3 - Remote Format String Winmail Mail Server 2.3 Build 0402 - Remote Format String Linux eXtremail 1.5.x - Remote Format Strings Exploit eXtremail 1.5.x (Linux) - Remote Format Strings Exploit QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow Solaris 9 (UltraSPARC) - sadmind Remote Code Execution Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution Sun One WebServer 6.1 - JSP Source Viewing Sun One WebServer 6.1 - .JSP Source Viewing Solaris 7.0 - Recursive mutex_enter Panic MySQL - Windows Remote System Level Exploit (Stuxnet technique) MySQL - 'Stuxnet Technique' Windows Remote System Exploit vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit) vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit) ERS Data System 1.8.1 - Java Deserialization Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Linux/x86_64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion Flatnuke 2.7.1 - (level) Privilege Escalation Flatnuke 2.7.1 - 'level' Privilege Escalation Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python) Cilem Haber 1.4.4 (Tr) - Database Disclosure Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion vtiger CRM 5.1.0 - Local File Inclusion vTiger CRM 5.1.0 - Local File Inclusion phpmychat plus 1.94 rc1 - Multiple Vulnerabilities template CMS 2.1.1 - Multiple Vulnerabilities phpmybittorrent 2.04 - Multiple Vulnerabilities phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities Template CMS 2.1.1 - Multiple Vulnerabilities phpMyBitTorrent 2.04 - Multiple Vulnerabilities vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting vtiger CRM 4.2 - SQL Injection vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting vTiger CRM 4.2 - SQL Injection DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities ITS SCADA 'Username' - SQL Injection ITS SCADA - 'Username' SQL Injection vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities Vtiger CRM 6.3.0 - Authenticated Remote Code Execution vTiger CRM 6.3.0 - Authenticated Remote Code Execution EPESI 1.8.2 rev20170830 - Cross-Site Scripting Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution ClipBucket 2.8.3 - Remote Code Execution		2017-10-05 05:01:29 +00:00
platforms	DB: 2017-10-05	2017-10-05 05:01:29 +00:00
files.csv	DB: 2017-10-05	2017-10-05 05:01:29 +00:00
README.md	Add "--exclude" to remove values from results	2017-06-14 15:58:54 +01:00
searchsploit	Fix #101 - Git update issue & echo standard.	2017-09-18 18:22:53 +01:00

README.md

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).