The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
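The matching rules from the help text (terms are AND-ed, case-insensitive and order-independent; `-t` matches the title only; `--exclude` filters result lines) are easier to see on a small index. The script below is an added illustration, not searchsploit's own code: `index`, `mini_search` and `count_hits` are hypothetical names, the rows are constructed from the sample output above, and fixed-string term matching plus a case-sensitive `--exclude` regex are assumptions.

```sh
#!/bin/sh
# Added illustration of the search rules in the help text; NOT searchsploit's code.

# Constructed index in "path|title" form, built from the sample output on this page.
index() {
    cat <<'EOF'
win_x86/local/40564.c|Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
windows/local/21844.rb|Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)
windows/dos/18755.c|Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)
win_x86-64/local/39525.py|Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
win_x86/local/39446.py|Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
windows/dos/17133.c|Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
windows/local/6757.txt|Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
windows/local/18176.py|Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
EOF
}

# mini_search [-t] [--exclude=REGEX] term1 [term2 ...]
# The body runs in a subshell "( ... )" so its variables stay out of the caller.
mini_search() (
    title_only=0
    exclude=
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case "$arg" in
            -t|--title)  title_only=1 ;;
            --exclude=*) exclude=${arg#--exclude=} ;;
            *)           set -- "$@" "$arg" ;;   # keep search terms
        esac
    done

    index | while IFS='|' read -r path title; do
        # Default haystack is title AND path; -t narrows it to the title.
        if [ "$title_only" -eq 1 ]; then hay=$title; else hay="$title $path"; fi
        hit=1
        for term in "$@"; do
            # Every term must be present (AND), compared case-insensitively.
            if ! printf '%s\n' "$hay" | grep -qiF -- "$term"; then hit=0; break; fi
        done
        [ "$hit" -eq 1 ] || continue
        line="$title | $path"
        # --exclude is applied to the whole result line, so it can match the path
        # ("/dos/") as well as the title ("(PoC)").
        if [ -n "$exclude" ] && printf '%s\n' "$line" | grep -qE -- "$exclude"; then
            continue
        fi
        printf '%s\n' "$line"
    done
)

# Number of result lines for a given query.
count_hits() { mini_search "$@" | wc -l | tr -d ' '; }

# A bare number also matches EDB-IDs in the path; -t removes those false positives.
echo "windows 7 (title + path): $(count_hits windows 7) hits"
echo "windows 7 (title only):   $(count_hits -t windows 7) hits"
mini_search --exclude="(PoC)|/dos/" afd windows local
```
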
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).