CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2014-10-21 - Verified   Numara / BMC Track-It! FileStorageService Arbitrary File Upload windows metasploit
2014-10-21 - Verified   Joomla Akeeba Kickstart Unserialize Remote Code Execution php metasploit
2014-10-21 - Verified   HP Data Protector EXEC_INTEGUTIL Remote Code Execution multiple metasploit
2014-10-09 - Verified   Wordpress InfusionSoft Plugin Upload Vulnerability php metasploit
2014-10-09 - Verified   Rejetto HttpFileServer Remote Command Execution windows metasploit
2014-10-09 - Verified   F5 iControl Remote Root Command Execution unix metasploit
2014-10-04 - Waiting verification   OpenVPN 2.2.29 - ShellShock Exploit linux hobbily plunt

Local Exploits

Date D A V   Description Plat. Author
2014-10-20 - Waiting verification   Windows OLE Package Manager SandWorm Exploit windows Vlad Ovtchinikov
2014-10-20 - Verified   MS14-060 Microsoft Windows OLE Package Manager Code Execution win32 metasploit
2014-10-20 - Verified   Linux PolicyKit Race Condition Privilege Escalation linux metasploit
2014-10-15 - Verified   Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation win32 metasploit
2014-09-13 - Waiting verification   Comodo Internet Security - HIPS/Sandbox Escape PoC windows Joxean Koret
2014-10-14 - Waiting verification   Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation Vulnerability windows LiquidWorm

Web Applications

Date D A V   Description Plat. Author
2014-09-16 - Waiting verification   ZTE ZXDSL-931VII - Unauthenticated Configuration Dump hardware L0ukanik0-s S0kni.
2014-09-27 Download Vulnerable Application Waiting verification   Typo3 JobControl 2.14.0 - Cross Site Scripting / SQL Injection php Adler Freiheit
2014-10-16 - Waiting verification   Drupal Core <= 7.32 - SQL Injection (#1) php fyukyuk
2014-10-17 - Waiting verification   Drupal Core <= 7.32 - SQL Injection (#2) php Claudio Viviani

DoS/PoC

Date D A V   Description Plat. Author
2014-10-17 - Verified   SAP Netweaver Enqueue Server - Denial of Service windows Core Security
2014-10-02 - Waiting verification   TeamSpeak Client 3.0.14 - Buffer Overflow Vulnerability windows SpyEye and Christ.
2014-09-24 - Waiting verification   WS10 Data Server SCADA Exploit Overflow PoC windows Pedro Sánchez
2014-09-20 - Waiting verification   Fast Image Resizer 098 - Local Crash Poc windows niko sec
2014-09-20 - Waiting verification   Seafile-server <= 3.1.5 - Remote DoS windows nop nop
2014-09-09 Download Vulnerable Application Waiting verification   PHP Stock Management System 1.02 - Multiple Vulnerabilty aix jsass
2014-09-05 Download Vulnerable Application Verified   BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit windows Robert Kugler

Shellcode

Date D   Description Plat. Author
2014-09-15   Connect Back Shellcode - 139 bytes linux MadMouse
2014-09-09   Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash linux Ali Razmjoo
2014-08-04   Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Root User (ALI/ALI) & Execute /bin/sh linux Ali Razmjoo
2014-06-22   Windows All Versions - Add Admin User Shellcode (194 bytes) windows Giuseppe D'Amore
2014-07-14   Socket Re-use Shellcode for Linux x86 (50 bytes) lin_x86 ZadYree
2013-11-04   MIPS Little Endian Reverse Shell Shellcode (Linux) hardware Jacob Holcomb
2013-10-16   Messagebox Shellcode (113 bytes) - Any Windows Version windows Giuseppe D'Amore

Papers

Date D   Description Author
2014-09-20   Exploração de código remoto: uma técnica bastante eficaz F0rb1dd3n .
2014-10-02 Technical Information on Vulnerabilities of Hypercall Handlers Aleksandar Milenk.
2014-09-09 Breaking the Sandbox Sudeep Singh
2014-09-01 [Spanish] Design and Implementation of a Voice Encryption System for Telephone Networks Fabian Valero Duq.
2014-09-01 Outsmarted - Why Malware Works in the Face of Antivirus Software SySS GmbH
2014-08-09 [Romanian] Stack Based Buffer Overflow Poyo VL
2014-07-29 [Turkish] SQLMap CSRF Bypass ibrahim balic