The ultimate archive of exploits and vulnerable software - A great resource for vulnerability researchers and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
We are running a general cleanup on the DB and have changed our submission policy - please check it out before submitting exploits to us.
Due to recent DOS attacks, our application downloads are now captcha protected.
We are running a general cleanup on the DB and have changed our submission policy - please check it out before submitting exploits to us.
Due to recent DOS attacks, our application downloads are now captcha protected.
Remote Exploits
| 2010-03-11 | D | - | ![]() |
Skype - URI Handler Input Validation | windows | Paul Craig |
| 2010-03-10 | D | - | ![]() |
Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta) | windows | Trancer |
| 2010-03-09 | D | A | ![]() |
Easy FTP Server v1.7.0.2 CWD Remote BoF - MSF Module | windows | Blake |
| 2010-03-09 | D | - | ![]() |
Apache Spamassassin Milter Plugin Remote Root Command Execution | multiple | Kingcope |
| 2010-03-09 | D | - | ![]() |
SAP GUI version 7.10 WebViewer3D Active-X JIT-Spray Exploit | windows | Alexey Sintsov |
| 2010-03-07 | D | - | ![]() |
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit | windows | Brett Gervasoni |
| 2010-03-02 | D | A | ![]() |
ProSSHD v1.2 20090726 Buffer Overflow Exploit | windows | S2 Crew |
Local Exploits
| 2010-03-13 | D | A | ![]() |
Yahoo Player v1.0 (.m3u) Buffer Overflow Exploit (direct EIP overwrite) | windows | Bombard |
| 2010-03-10 | D | - | ![]() |
Mini-stream Ripper 3.0.1.1 (.m3u) HREF Buffer Overflow | windows | l3D |
| 2010-03-09 | D | - | ![]() |
Lenovo Hotkey Driver <= v5.33 Privilege Escalation | windows | Chilik Tamir |
| 2010-03-08 | D | A | ![]() |
QuickZip 4.x (.zip) 0day Local Universal Buffer Overflow PoC Exploit | windows | corelanc0d3r and mr_me |
| 2010-03-07 | D | - | ![]() |
Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 | multiple | kingcope |
| 2010-03-07 | D | A | ![]() |
Yahoo Player v1.0 (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH) | windows | Mr.tro0oqy |
| 2010-02-26 | D | A | ![]() |
Orbital Viewer v1.04 (.orb) 0day Local Universal SEH Overflow Exploit | windows | mr_me |
Web Applications
| 2010-03-13 | D | - | ![]() |
systemsoftware Community Black index.php SQL Injection | php | Easy Laster |
| 2010-03-13 | D | - | ![]() |
Azeno CMS SQL Injection Vulnerability | php | DevilZ TM |
| 2010-03-13 | D | - | ![]() |
Joomla Component com_races Blind SQL Injection Vulnerability | php | DevilZ TM |
| 2010-03-13 | D | - | ![]() |
Joomla Component com_comp SQL Injection Vulnerability | php | DevilZ TM |
| 2010-03-13 | D | - | ![]() |
Joomla Component com_sbsfile Local File Inclusion | php | DevilZ TM |
| 2010-03-12 | D | - | ![]() |
Joomla Component com_juliaportfolio Local File Inclusion | php | DevilZ TM |
| 2010-03-12 | D | - | ![]() |
dreamlive Auktionshaus script news.php (id) SQL Injection Vulnerability | php | Easy Laster |
DoS/PoC
| 2010-03-13 | D | - | ![]() |
Multiple PHP Functions - Local Denial of Service Vulnerabilities | multiple | Pr0T3cT10n |
| 2010-03-13 | D | - | ![]() |
Mackeitone Media Player (.m3u file) stack buffer Overflow | windows | ItSecTeam |
| 2010-03-12 | D | - | ![]() |
Media Player classic StatsReader (.stats file) stack buffer Overflow poc | windows | ItSecTeam |
| 2010-03-12 | D | - | ![]() |
FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability | multiple | kingcope |
| 2010-03-09 | D | A | ![]() |
JAD java decompiler 1.5.8g (.class) Stack Overflow DoS | windows | l3D |
| 2010-03-09 | D | A | ![]() |
JAD java decompiler 1.5.8g (argument) Local Crash | windows | l3D |
| 2010-03-07 | D | A | ![]() |
TopDownloads MP3 Player 1.0 m3u crash | windows | l3D |
Shellcode
| 2010-03-11 | D | Windows XP Professional SP2 ita calc.exe shellcode 36 bytes | win32 | Stoke |
| 2010-03-08 | D | JITed exec notepad Shellcode | win32 | Alexey Sintsov |
| 2010-03-07 | D | JITed stage-0 shellcode | win32 | Alexey Sintsov |
| 2010-03-04 | D | Linux x86 - disabled modsecurity - 64 bytes | linux/x86 | sekfault |
| 2010-03-01 | D | Windows XP Home Edition SP3 English ( calc.exe ) 37 bytes | win32 | Hazem mofeed |
| 2010-02-28 | D | Windows Xp Home Edition SP2 English ( calc.exe ) 37 bytes | win32 | Hazem mofeed |
| 2010-02-27 | D | Linux x86 - execve /bin/sh - 21 bytes | linux/x86 | ipv |
Papers
| 2010-03-13 | D | MySQL Injection Using darkMySQLi.py | Mohd Izhar Ali | |
| 2010-03-12 | D | [Portuguese] Retornando para LibC / Ret2libc | m0nad | |
| 2010-03-09 | D | Exploit Writing Tutorial Part 9 - Introduction to Win32 shellcoding | corelanc0d3r | |
| 2010-03-09 | D | Exploit Writing Tutorial Part 8 - Win32 Egg Hunting | corelanc0d3r | |
| 2010-03-06 | D | [Portuguese] Sockets em linguagem C | Cooler_ | |
| 2010-03-04 | D | Joomla's RFI Summary | Mr.aFiR | |
| 2010-02-27 | D | [Spanish] Wide WiFi Security | Roberto Amado Gimenez |

