A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
e1c4e9e1ec
3 new exploits Redhat 6.1 / 6.2 - TTY Flood Users Exploit RedHat 6.1 / 6.2 - TTY Flood Users Exploit Microsoft Windows - Kernel ANI File Parsing Crash Microsoft Windows Kernel - '.ANI' File Parsing Crash PunBB 2.0.10 - (Register Multiple Users) Denial Of Service PunBB 2.0.10 - (Register Multiple Users) Denial of Service Apple Mac OSX 10.4.x - Kernel shared_region_map_file_np() Memory Corruption Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial Of Service MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service MailEnable Professional/Enterprise 2.37 - Denial Of Service MailEnable Professional/Enterprise 2.37 - Denial of Service Apple Mac OSX 10.4.x - Kernel i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial Of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial Of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service snircd 1.3.4 - (send_user_mode) Denial of Service MPlayer - sdpplin_parse() Array Indexing Buffer Overflow (PoC) Snircd 1.3.4 - 'send_user_mode' Denial of Service MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC) LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial Of Service) LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial of Service) ZoIPer 2.22 - Call-Info Remote Denial Of Service ZoIPer 2.22 - Call-Info Remote Denial of Service Dualis 20.4 - '.bin' Local Denial Of Service Dualis 20.4 - '.bin' Local Denial of Service Dolphin 2.0 - '.elf' Local Denial Of Service Dolphin 2.0 - '.elf' Local Denial of Service Home FTP Server r1.10.3 (build 144) - Denial of Service Home FTP Server 1.10.3 (build 144) - Denial of Service Red Hat Linux - stickiness of /tmp Exploit RedHat Linux - Stickiness of /tmp Exploit Apple Mac OSX < 10.6.7 - Kernel Panic Exploit Apple Mac OSX < 10.6.7 - Kernel Panic Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service RedHat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service Titan FTP Server 3.0 - 'LIST' Command Denial Of Service Titan FTP Server 3.0 - 'LIST' Command Denial of Service Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial Of Service Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial of Service I Hear U 0.5.6 - Multiple Remote Denial Of Service Vulnerabilities I Hear U 0.5.6 - Multiple Remote Denial of Service Vulnerabilities Microsoft Windows Explorer - '.png' Image Local Denial Of Service Microsoft Windows Explorer - '.png' Image Local Denial of Service Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial Of Service Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial of Service PHP 5.2.5 - Multiple GetText functions Denial Of Service Vulnerabilities PHP 5.2.5 - Multiple GetText functions Denial of Service Vulnerabilities LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial Of Service LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial Of Service Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial of Service Sami FTP Server 2.0.x - Multiple Commands Remote Denial Of Service Vulnerabilities Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial Of Service SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial of Service RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial Of Service RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial of Service MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial Of Service snircd 1.3.4 And ircu 2.10.12.12 - 'set_user_mode' Remote Denial of Service MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial of Service SLMail Pro 6.3.1.0 - Multiple Remote Denial Of Service / Memory Corruption Vulnerabilities Microsoft Windows XP/Vista/2000/2003/2008 - Kernel Usermode Callback Privilege Escalation (1) SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1) SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service Apple iCal 3.0.1 - 'ATTACH' Parameter Denial Of Service Apple iCal 3.0.1 - 'ATTACH' Parameter Denial of Service WinWebMail 3.7.3 - IMAP Login Data Handling Denial Of Service WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service Computer Associates ARCserve Backup Discovery Service Remote - Denial Of Service Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Microsoft Excel 2007 - JavaScript Code Remote Denial of Service GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial Of Service GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial of Service GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial Of Service GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service SWAT 4 - Multiple Denial Of Service Vulnerabilities SWAT 4 - Multiple Denial of Service Vulnerabilities Unreal Tournament 3 - Denial Of Service / Memory Corruption Unreal Tournament 3 - Denial of Service / Memory Corruption Combat Evolved 1.0.7.0615 - Multiple Denial Of Service Vulnerabilities Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities Noticeware Email Server 4.6 - NG LOGIN Messages Denial Of Service Noticeware Email Server 4.6 - NG LOGIN Messages Denial of Service Ruby 1.9 - REXML Remote Denial Of Service Ruby 1.9 - REXML Remote Denial of Service Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service MySQL 6.0.4 - Empty Binary String Literal Remote Denial Of Service MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service Mass Downloader - Malformed Executable Denial Of Service Mass Downloader - Malformed Executable Denial of Service Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial Of Service Zope 2.11.2 - PythonScript Multiple Remote Denial Of Service Vulnerabilities Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities GeSHi 1.0.x - XML Parsing Remote Denial Of Service GeSHi 1.0.x - XML Parsing Remote Denial of Service Symbian S60 - Malformed SMS/Mms Remote Denial Of Service Symbian S60 - Malformed SMS/Mms Remote Denial of Service InfraRecorder 0.53 - Memory Corruption (Denial Of Service) IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial Of Service InfraRecorder 0.53 - Memory Corruption (Denial of Service) IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service QNX RTOS 6.4 - Malformed ELF Binary File Local Denial Of Service QNX RTOS 6.4 - Malformed ELF Binary File Local Denial of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial Of Service PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial Of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial of Service PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial Of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service MySQL 6.0.9 - XPath Expression Remote Denial Of Service MySQL 6.0.9 - XPath Expression Remote Denial of Service MPlayer - Malformed AAC File Handling Denial of Service MPlayer - Malformed OGM File Handling Denial of Service MPlayer - '.AAC' File Handling Denial of Service MPlayer - '.OGM' File Handling Denial of Service Mani's Admin Plugin - Remote Denial Of Service Mani's Admin Plugin - Remote Denial of Service cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial Of Service) CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial Of Service cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial of Service) CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service Git 1.6.3 - Parameter Processing Remote Denial Of Service Git 1.6.3 - Parameter Processing Remote Denial of Service GUPnP 0.12.7 - Message Handling Denial Of Service GUPnP 0.12.7 - Message Handling Denial of Service ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial Of Service ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial Of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial of Service Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities Snort 2.8.5 - Multiple Denial of Service Vulnerabilities lighttpd 1.4/1.5 - Slow Request Handling Remote Denial Of Service lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service Skybox Security 6.3.x < 6.4.x - Multiple Denial Of Service Issue Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue Hybserv2 - ':help' Command Denial Of Service Hybserv2 - ':help' Command Denial of Service Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial Of Service Apple Safari 4.0.4 - Remote Denial Of Service Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 - Remote Denial of Service FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial Of Service FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial of Service PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial Of Service PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial Of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial Of Service netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial Of Service Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial Of Service Xitami 5.0 - '/AUX' Request Remote Denial Of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial of Service Xitami 5.0 - '/AUX' Request Remote Denial of Service Torque Game Engine - Multiple Denial Of Service Vulnerabilities Torque Game Engine - Multiple Denial of Service Vulnerabilities EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial Of Service Vulnerabilities EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial of Service Vulnerabilities Unreal Engine - 'ReceivedRawBunch()' Denial Of Service Unreal Engine - 'ReceivedRawBunch()' Denial of Service Chrome Engine 4 - Denial Of Service Chrome Engine 4 - Denial of Service Sagem Fast 3304-V1 - Denial Of Service Sagem Fast 3304-V1 - Denial of Service Sumatra PDF 1.1 - Denial Of Service Sumatra PDF 1.1 - Denial of Service Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities Freeciv 2.2.1 - Multiple Remote Denial of Service Vulnerabilities Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial of Service Vulnerabilities Microsoft DirectX 8/9 DirectPlay - Multiple Denial Of Service Vulnerabilities Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial Of Service PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial of Service Sniper Elite 1.0 - Null Pointer Dereference Denial Of Service Sniper Elite 1.0 - Null Pointer Dereference Denial of Service MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial Of Service MySQL 5.1.48 - 'EXPLAIN' Denial Of Service OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial Of Service MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service MySQL 5.1.48 - 'EXPLAIN' Denial of Service OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial of Service Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial Of Service Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial Of Service Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service GNU glibc - 'regcomp()' Stack Exhaustion Denial Of Service GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service Microsoft Internet Explorer 11 - Denial Of Service Microsoft Internet Explorer 11 - Denial of Service Golden FTP Server 4.70 - Malformed Message Denial Of Service Golden FTP Server 4.70 - Malformed Message Denial of Service TP-Link TL-WR740N - Denial Of Service PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial Of Service TP-Link TL-WR740N - Denial of Service PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial Of Service Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial of Service Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial Of Service Air Contacts Lite - HTTP Packet Denial Of Service Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial of Service Air Contacts Lite - HTTP Packet Denial of Service TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial Of Service) TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial of Service) Perl 5.10 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities Perl 5.10 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial Of Service Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial of Service Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial Of Service Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial of Service RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial Of Service RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities PHP < 5.3.7 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial Of Service Microsoft Host Integration Server 2004-2010 - Remote Denial Of Service Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service Microsoft Host Integration Server 2004-2010 - Remote Denial of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial Of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial Of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service Apache APR - Hash Collision Denial Of Service PHP PDORow Object - Remote Denial Of Service Apache APR - Hash Collision Denial of Service PHP PDORow Object - Remote Denial of Service PHP 5.3.8 - Remote Denial Of Service PHP 5.3.8 - Remote Denial of Service Mercury MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerabilities Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial Of Service Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial of Service Universal Reader 1.16.740.0 - 'uread.exe' Denial Of Service Universal Reader 1.16.740.0 - 'uread.exe' Denial of Service Apache Sling - Denial Of Service Apache Sling - Denial of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial Of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows - Kernel DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows - Kernel UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows - Kernel Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows - Kernel HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows - Kernel win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows - Kernel SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows - Kernel Brush Object Use-After-Free (MS15-061) Microsoft Windows - Kernel WindowStation Use-After-Free (MS15-061) Microsoft Windows - Kernel Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows - Kernel FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows - Kernel bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows - Kernel Use-After-Free with Cursor Object (MS15-097) Microsoft Windows - Kernel Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows - Kernel NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows - Kernel NtGdiBitBlt Buffer Overflow (MS15-097) Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) MySQL / MariaDB - Geometry Query Denial Of Service MySQL / MariaDB - Geometry Query Denial of Service Apple Mac OSX - Kernel IOAccelMemoryInfoUserClient Use-After-Free Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free Microsoft Windows - Kernel 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows - Kernel 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows Kernel - 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows Kernel - 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Blue Coat ProxySG 5.x - and Security Gateway OS Denial Of Service Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service Microsoft Windows - Kernel Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115) Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115) Apple Mac OSX - Kernel no-more-senders Use-After-Free Apple Mac OSX Kernel - no-more-senders Use-After-Free Apple Mac OSX - Kernel IOAccelDisplayPipeUserClient2 Use-After-Free Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free TFTPD32 / Tftpd64 - Denial Of Service TFTPD32 / Tftpd64 - Denial of Service Apple Mac OSX / iOS - Kernel IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free Apple Mac OSX / iOS - Kernel iokit Registry Iterator Manipulation Double-Free Apple Mac OSX / iOS Kernel - IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free Apple Mac OSX / iOS Kernel - iokit Registry Iterator Manipulation Double-Free Apple Mac OSX - Kernel Hypervisor Driver Use-After-Free Apple Mac OSX Kernel - Hypervisor Driver Use-After-Free Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort Apple Mac OSX - Kernel AppleKeyStore Use-After-Free Apple Mac OSX - Kernel Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver Apple Mac OSX Kernel - AppleKeyStore Use-After-Free Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver Microsoft Windows - Kernel Bitmap Use-After-Free Microsoft Windows - Kernel NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows Kernel - Bitmap Use-After-Free Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows - Kernel DrawMenuBarTemp Wild-Write (MS16-039) Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) Microsoft Windows - Kernel 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Microsoft Windows Kernel - 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX - Kernel Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX - Kernel Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX - Kernel OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX - Kernel Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 Apple Mac OSX / iOS - Kernel UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient Apple Mac OSX - Kernel Stack Buffer Overflow in GeForce GPU Driver Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow Microsoft Windows - Kernel 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free Linux Kernel 2.2.x / 2.4.x (Redhat) - 'ptrace/kmod' Privilege Escalation Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation XGalaga 2.0.34 - Local game Exploit (Red Hat 9.0) xtokkaetama 1.0b - Local Game Exploit (Red Hat 9.0) XGalaga 2.0.34 (RedHat 9.0) - Local Game Exploit xtokkaetama 1.0b (RedHat 9.0) - Local Game Exploit hztty 2.0 - Privilege Escalation (Red Hat 9.0) hztty 2.0 (RedHat 9.0) - Privilege Escalation Redhat 6.2 /sbin/restore - Exploit RedHat 6.2 /sbin/restore - Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) RedHat 6.2 Restore and Dump - Local Exploit (Perl) Redhat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit dump 0.4b15 (Redhat 6.2) - Exploit RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit dump 0.4b15 (RedHat 6.2) - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit xsoldier 0.96 (RedHat 6.2) - Exploit Redhat 6.1 man - Local Exploit (egid 15) RedHat 6.1 man - Local Exploit (egid 15) Microsoft Windows 2000 - Kernel APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows - Kernel Privilege Escalation (MS06-049) Microsoft Windows Kernel - Privilege Escalation (MS06-049) Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Kernel Privilege Escalation Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Privilege Escalation Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Privilege Escalation (1) Linux Kernel 2.x (RedHat) - 'sock_sendpage()' Ring0 Privilege Escalation (1) (Linux Kernel 2.6.34-rc3) ReiserFS (Redhat / Ubuntu 9.10) - xattr Privilege Escalation (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - 'compat' Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1) Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1) Immunix OS 6.2/7.0 / Redhat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Microsoft Windows - Kernel Intel x64 SYSRET (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (PoC) Linux Kernel 3.7.6 (Redhat x86/x64) - 'MSR' Driver Privilege Escalation Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation Microsoft Windows XP/7 - Kernel 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows - Kernel 'win32k.sys' Privilege Escalation (MS14-058) Microsoft Windows Kernel - 'win32k.sys' Privilege Escalation (MS14-058) Apple OS X/iOS - Kernel IOSurface Use-After-Free Apple OS X/iOS Kernel - IOSurface Use-After-Free Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation (Metasploit) Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit) Ruby 1.8.6 - (Webrick Httpd 1.3.1) Directory Traversal Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal mg-soft net Inspector 6.5.0.828 - Multiple Vulnerabilities MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit Red Hat Linux 7.0 Apache - Remote 'Username' Enumeration RedHat Linux 7.0 Apache - Remote 'Username' Enumeration Red Hat Interchange 4.8.x - Arbitrary File Read RedHat Interchange 4.8.x - Arbitrary File Read Red Hat Apache 2.0.40 - Directory Index Default Configuration Error RedHat Apache 2.0.40 - Directory Index Default Configuration Error Foreman (Red Hat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit) Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit) Red Hat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit) RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit) Katello (Red Hat Satellite) - users/update_roles Missing Authorisation (Metasploit) Katello (RedHat Satellite) - users/update_roles Missing Authorisation (Metasploit) Red Hat Stronghold Web Server 2.3 - Cross-Site Scripting RedHat Stronghold Web Server 2.3 - Cross-Site Scripting Red Hat Piranha - Remote Security Bypass RedHat Piranha - Remote Security Bypass KISGB 5.1.1 - (Authenticate.php) Remote File Inclusion KISGB 5.1.1 - 'Authenticate.php' Remote File Inclusion Jshop Server 1.3 - (fieldValidation.php) Remote File Inclusion Jshop Server 1.3 - 'fieldValidation.php' Remote File Inclusion phpBP RC3 - (2.204) (SQL Injection / cmd) Remote Code Execution phpBP RC3 (2.204) - SQL Injection / Remote Code Execution eXV2 Module MyAnnonces - (lid) SQL Injection eXV2 Module eblog 1.2 - (blog_id) SQL Injection eXV2 Module Viso 2.0.4.3 - (kid) SQL Injection eXV2 Module WebChat 1.60 - (roomid) SQL Injection eXV2 Module MyAnnonces - 'lid' Parameter SQL Injection eXV2 Module eblog 1.2 - 'blog_id' Parameter SQL Injection eXV2 Module Viso 2.0.4.3 - 'kid' Parameter SQL Injection eXV2 Module WebChat 1.60 - 'roomid' Parameter SQL Injection Fuzzylime CMS 3.01 - (admindir) Remote File Inclusion Fuzzylime CMS 3.01 - 'admindir' Parameter Remote File Inclusion Exero CMS 1.0.1 - (theme) Multiple Local File Inclusion Exero CMS 1.0.1 - 'theme' Parameter Multiple Local File Inclusion Joomla! Component Acajoom (com_acajoom) - SQL Injection Joomla! Component Acajoom 1.1.5 - SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection Joomla! Component joovideo 1.2.2 - 'id' SQL Injection Joomla! Component Alberghi 2.1.3 - 'id' SQL Injection Mambo Component 'com_accombo' 1.x - 'id' SQL Injection Joomla! Component Restaurante 1.0 - 'id' SQL Injection PEEL CMS - Admin Hash Extraction / Arbitrary File Upload RunCMS Module section - (artid) SQL Injection ASPapp Knowledge Base - SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection Joomla! Component joovideo 1.2.2 - 'id' Parameter SQL Injection Joomla! Component Alberghi 2.1.3 - 'id' Parameter SQL Injection Mambo Component Accombo 1.x - 'id' Parameter SQL Injection Joomla! Component Restaurante 1.0 - 'id' Parameter SQL Injection PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload RunCMS Module section - 'artid' Parameter SQL Injection ASPapp Knowledge Base - SQL Injection RunCMS Module Photo 3.02 - 'cid' SQL Injection D.E. Classifieds - 'cat_id' SQL Injection RunCMS Module Photo 3.02 - 'cid' Parameter SQL Injection D.E. Classifieds - 'cat_id' Parameter SQL Injection PHP-Nuke Platinum 7.6.b.5 - (dynamic_titles.php) SQL Injection PHP-Nuke Platinum 7.6.b.5 - 'dynamic_titles.php' SQL Injection Joomla! Component rekry 1.0.0 - (op_id) SQL Injection destar 0.2.2-5 - Arbitrary Add New User Exploit Joomla! Component rekry 1.0.0 - 'op_id' Parameter SQL Injection Destar 0.2.2-5 - Arbitrary Add New User Exploit destar 0.2.2-5 - Arbitrary Add Admin Destar 0.2.2-5 - Arbitrary Add Admin BolinOS 4.6.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Security Vulnerabilities Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection BolinOS 4.6.1 - Local File Inclusion / Cross-Site Scripting Joomla! Component Alphacontent 2.5.8 - 'id' Parameter SQL Injection TopperMod 1.0 - (mod.php) Local File Inclusion TopperMod 1.0 - 'mod.php' Local File Inclusion Joomla! Component MyAlbum 1.0 - (album) SQL Injection Joomla! Component MyAlbum 1.0 - 'album' Parameter SQL Injection Smoothflash - 'admin_view_image.php cid' SQL Injection Smoothflash - 'cid' Parameter SQL Injection JShop 1.x < 2.x - (page.php xPage) Local File Inclusion WordPress Plugin Download - (dl_id) SQL Injection PHPSpamManager 0.53b - (body.php) Remote File Disclosure Woltlab Burning Board Addon JGS-Treffen - SQL Injection Neat weblog 0.2 - 'articleId' SQL Injection EasyNews 40tr - (SQL Injection / Cross-Site Scripting / Local File Inclusion) SQL Injection FaScript FaPhoto 1.0 - (show.php id) SQL Injection Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection eggBlog 4.0 - Password Retrieve SQL Injection Joomla! Component actualite 1.0 - 'id' SQL Injection JShop 1.x < 2.x - 'xPage' Parameter Local File Inclusion WordPress Plugin Download - 'dl_id' Parameter SQL Injection PHPSpamManager 0.53b - 'body.php' Remote File Disclosure Woltlab Burning Board Addon JGS-Treffen 2.0.2 - SQL Injection Neat weblog 0.2 - 'articleId' Parameter SQL Injection EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion FaScript FaPhoto 1.0 - 'show.php' SQL Injection Mambo Component Ahsshop 1.51 - 'vara' Parameter SQL Injection eggBlog 4.0 - SQL Injection Joomla! Component actualite 1.0 - 'id' Parameter SQL Injection PHPAddressBook 2.11 - (view.php id) SQL Injection PHPAddressBook 2.11 - 'view.php' SQL Injection Joomla! Component com_alphacontent - Blind SQL Injection Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection Joomla! Component Event Booking 2.10.1 - SQL Injection Nuked-klaN 1.3 - Multiple Cross-Site Scripting Vulnerabilities JShop E-Commerce Suite - xSearch Cross-Site Scripting JShop E-Commerce Suite 3.0 - 'page.php' Cross-Site Scripting JShop E-Commerce Suite 1.2 - product.php Cross-Site Scripting Nuked-klaN 1.7 Sections Module - artid Parameter SQL Injection Nuked-klaN 1.7 Sections Module - 'artid' Parameter SQL Injection Nuked-klaN 1.7 Download Module - dl_id Parameter SQL Injection Nuked-klaN 1.7 Links Module - link_id Parameter SQL Injection Nuked-klaN 1.7 Download Module - 'dl_id' Parameter SQL Injection Nuked-klaN 1.7 Links Module - 'link_id' Parameter SQL Injection Nuked-klaN 1.7 - 'index.php' Cross-Site Scripting Foreman (Red Hat OpenStack/Satellite) - users/create Mass Assignment (Metasploit) Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit) Eggblog 3.1 - admin/articles.php edit Parameter Cross-Site Scripting Eggblog 3.1 - admin/comments.php edit Parameter Cross-Site Scripting Eggblog 3.1 - admin/users.php add Parameter Cross-Site Scripting Eggblog 3.1 - rss.php Cross-Site Scripting Nuked-klaN 1.7.5 - File Parameter News Module Cross-Site Scripting Cuteflow Bin 1.5 - pages/showtemplates.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/editmailinglist_step1.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showcirculation.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/edittemplate_step2.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showfields.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showuser.php language Parameter Cross-Site Scripting CS-Cart 4.3.10 - XML External Entity Injection CoronaMatrix phpAddressBook 2.0 - 'Username' Cross-Site Scripting Cisco BBSM Captive Portal 5.3 - 'AccesCodeStart.asp' Cross-Site Scripting Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload Mambo Component 'com_ahsshop' - SQL Injection Mambo Component Ahsshop - SQL Injection Wordpress Plugin Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting Joomla 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation WordPress Plugin XCloner 3.1.5 - Multiple Vulnerabilities |
||
|---|---|---|
| platforms | ||
| files.csv | ||
| README.md | ||
| searchsploit | ||
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).