A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security d4e17b950d DB: 2017-10-05
9 new exploits

FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service
FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)

FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service

SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)
SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - Local TTY Panic (Denial of Service)
Minix 3.1.2a - Remote TTY Panic (Denial of Service)

Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)

FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)

FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service

Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)

Apple Mac OSX < 10.6.7 - Kernel Panic
Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)

genstat 14.1.0.5943 - Multiple Vulnerabilities
GenStat 14.1.0.5943 - Multiple Vulnerabilities

FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)

Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)

Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service
Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)

OpenBSD 5.5 - Local Kernel Panic
OpenBSD 5.5 - Local Kernel Panic (Denial of Service)

OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)

FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow

Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)

Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation
Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation

FreeBSD TOP - Format String
FreeBSD /usr/bin/top - Format String

Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation
Qpopper 4.0.8 (FreeBSD) - Privilege Escalation

Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation
Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation

FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation

FreeBSD 3.0 - UNIX-domain panic

FreeBSD 3.5/4.x - top Format String
FreeBSD 3.5/4.x /usr/bin/top - Format String

OpenBSD 5.6 - Multiple Local Kernel Panics

Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

Microsoft Windows - RPC Locator Service Remote Exploit
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit

Microsoft Windows - SMB Authentication Remote Exploit
Microsoft Windows 2000/XP - SMB Authentication Remote Exploit

Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit
Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit

Winmail Mail Server 2.3 - Remote Format String
Winmail Mail Server 2.3 Build 0402 - Remote Format String

Linux eXtremail 1.5.x - Remote Format Strings Exploit
eXtremail 1.5.x (Linux) - Remote Format Strings Exploit

QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow

Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution

Sun One WebServer 6.1 - JSP Source Viewing
Sun One WebServer 6.1 - .JSP Source Viewing

Solaris 7.0 - Recursive mutex_enter Panic

MySQL - Windows Remote System Level Exploit (Stuxnet technique)
MySQL - 'Stuxnet Technique' Windows Remote System Exploit

vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)

vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)

ERS Data System 1.8.1 - Java Deserialization

Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)

Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)

vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion
vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion

Flatnuke 2.7.1 - (level) Privilege Escalation
Flatnuke 2.7.1 - 'level' Privilege Escalation

Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting

Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)
Cilem Haber 1.4.4 (Tr) - Database Disclosure

Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion

vtiger CRM 5.1.0 - Local File Inclusion
vTiger CRM 5.1.0 - Local File Inclusion
phpmychat plus 1.94 rc1 - Multiple Vulnerabilities
template CMS 2.1.1 - Multiple Vulnerabilities
phpmybittorrent 2.04 - Multiple Vulnerabilities
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
Template CMS 2.1.1 - Multiple Vulnerabilities
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting
vtiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 - SQL Injection

DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection
DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection

vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities

Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting

GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities

ITS SCADA 'Username' - SQL Injection
ITS SCADA - 'Username' SQL Injection

vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion

vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection

vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Vtiger CRM 6.3.0 - Authenticated Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
ClipBucket 2.8.3 - Remote Code Execution
2017-10-05 05:01:29 +00:00
platforms DB: 2017-10-05 2017-10-05 05:01:29 +00:00
files.csv DB: 2017-10-05 2017-10-05 05:01:29 +00:00
README.md Add "--exclude" to remove values from results 2017-06-14 15:58:54 +01:00
searchsploit Fix #101 - Git update issue & echo standard. 2017-09-18 18:22:53 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).