Offensive Security Training presents

The ultimate archive of exploits and vulnerable software - A great resource for vulnerability researchers and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

We are running a general cleanup on the DB and have changed our submission policy - please check it out before submitting exploits to us.

Due to recent DOS attacks, our application downloads are now captcha protected.

Remote Exploits

Date	D	A	Description	Plat.	Author
2010-03-11	D	-	Skype - URI Handler Input Validation	windows	Paul Craig
2010-03-10	D	-	Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta)	windows	Trancer
2010-03-09	D	A	Easy FTP Server v1.7.0.2 CWD Remote BoF - MSF Module	windows	Blake
2010-03-09	D	-	Apache Spamassassin Milter Plugin Remote Root Command Execution	multiple	Kingcope
2010-03-09	D	-	SAP GUI version 7.10 WebViewer3D Active-X JIT-Spray Exploit	windows	Alexey Sintsov
2010-03-07	D	-	Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit	windows	Brett Gervasoni
2010-03-02	D	A	ProSSHD v1.2 20090726 Buffer Overflow Exploit	windows	S2 Crew

Local Exploits

Date	D	A	Description	Plat.	Author
2010-03-13	D	A	Yahoo Player v1.0 (.m3u) Buffer Overflow Exploit (direct EIP overwrite)	windows	Bombard
2010-03-10	D	-	Mini-stream Ripper 3.0.1.1 (.m3u) HREF Buffer Overflow	windows	l3D
2010-03-09	D	-	Lenovo Hotkey Driver <= v5.33 Privilege Escalation	windows	Chilik Tamir
2010-03-08	D	A	QuickZip 4.x (.zip) 0day Local Universal Buffer Overflow PoC Exploit	windows	corelanc0d3r and mr_me
2010-03-07	D	-	Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4	multiple	kingcope
2010-03-07	D	A	Yahoo Player v1.0 (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)	windows	Mr.tro0oqy
2010-02-26	D	A	Orbital Viewer v1.04 (.orb) 0day Local Universal SEH Overflow Exploit	windows	mr_me

Web Applications

Date	D	A	Description	Plat.	Author
2010-03-13	D	-	systemsoftware Community Black index.php SQL Injection	php	Easy Laster
2010-03-13	D	-	Azeno CMS SQL Injection Vulnerability	php	DevilZ TM
2010-03-13	D	-	Joomla Component com_races Blind SQL Injection Vulnerability	php	DevilZ TM
2010-03-13	D	-	Joomla Component com_comp SQL Injection Vulnerability	php	DevilZ TM
2010-03-13	D	-	Joomla Component com_sbsfile Local File Inclusion	php	DevilZ TM
2010-03-12	D	-	Joomla Component com_juliaportfolio Local File Inclusion	php	DevilZ TM
2010-03-12	D	-	dreamlive Auktionshaus script news.php (id) SQL Injection Vulnerability	php	Easy Laster

DoS/PoC

Date	D	A	Description	Plat.	Author
2010-03-13	D	-	Multiple PHP Functions - Local Denial of Service Vulnerabilities	multiple	Pr0T3cT10n
2010-03-13	D	-	Mackeitone Media Player (.m3u file) stack buffer Overflow	windows	ItSecTeam
2010-03-12	D	-	Media Player classic StatsReader (.stats file) stack buffer Overflow poc	windows	ItSecTeam
2010-03-12	D	-	FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability	multiple	kingcope
2010-03-09	D	A	JAD java decompiler 1.5.8g (.class) Stack Overflow DoS	windows	l3D
2010-03-09	D	A	JAD java decompiler 1.5.8g (argument) Local Crash	windows	l3D
2010-03-07	D	A	TopDownloads MP3 Player 1.0 m3u crash	windows	l3D

Shellcode

Date	D	Description	Plat	Author
2010-03-11	D	Windows XP Professional SP2 ita calc.exe shellcode 36 bytes	win32	Stoke
2010-03-08	D	JITed exec notepad Shellcode	win32	Alexey Sintsov
2010-03-07	D	JITed stage-0 shellcode	win32	Alexey Sintsov
2010-03-04	D	Linux x86 - disabled modsecurity - 64 bytes	linux/x86	sekfault
2010-03-01	D	Windows XP Home Edition SP3 English ( calc.exe ) 37 bytes	win32	Hazem mofeed
2010-02-28	D	Windows Xp Home Edition SP2 English ( calc.exe ) 37 bytes	win32	Hazem mofeed
2010-02-27	D	Linux x86 - execve /bin/sh - 21 bytes	linux/x86	ipv

Papers