CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2014-11-24 - Verified   Hikvision DVR RTSP Request Remote Code Execution linux metasploit
2014-11-20 - Verified   Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution / Powershell VirtualAlloc (MS14-064) windows GradiusX & b33f
2014-11-18 - Verified   Samsung Galaxy KNOX Android Browser RCE android metasploit
2014-11-18 - Verified   MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability php metasploit
2014-11-17 - Verified   Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037) windows ryujin & sickness
2014-11-17 - Waiting verification   .NET Remoting Services Remote Command Execution windows James Forshaw
2014-11-13 - Verified   Internet Explorer <= 11 - OLE Automation Array Remote Code Execution (#1) windows yuange

Local Exploits

Date D A V   Description Plat. Author
2014-11-22 - Waiting verification   Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation windows LiquidWorm
2014-11-14 Download Vulnerable Application Verified   OSSEC 2.8 - Insecure Temporary File Creation Vulnerability Privilege Escalation linux skynet-13
2014-11-14 - Verified   MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python windows metasploit
2014-11-14 - Verified   MS14-064 Microsoft Windows OLE Package Manager Code Execution windows metasploit
2014-11-12 - Waiting verification   MS Office 2007 and 2010 - OLE Arbitrary Command Execution windows Abhishek Lyall
2014-11-06 Download Vulnerable Application Verified   i-FTP 2.20 - Buffer Overflow SEH Exploit windows metacom

Web Applications

Date D A V   Description Plat. Author
2014-11-24 - Waiting verification   Wordpress wpDataTables Plugin 1.5.3 - SQL Injection Vulnerability php Claudio Viviani
2014-11-24 - Waiting verification   Wordpress wpDataTables Plugin 1.5.3 - Unauthenticated Shell Upload Vulnerability php Claudio Viviani
2014-11-24 Download Vulnerable Application Waiting verification   DukaPress 2.5.2 - Path Traversal php Kacper Szurek

DoS/PoC

Date D A V   Description Plat. Author
2014-11-24 - Waiting verification   PHP 5.5.12 Locale::parseLocale Memory Corruption php John Leitch
2014-11-24 - Waiting verification   tcpdump 4.6.2 Geonet Decoder Denial of Service multiple Steffen Bauch
2014-11-19 - Waiting verification   MINIX 3.3.0 Remote TCP/IP Stack DoS linux nitr0us
2014-11-10 - Verified   Internet Explorer 11 - Denial Of Service windows Behrooz Abbassi
2014-11-17 - Verified   Safari 8.0 / OS X 10.10 - Crash PoC osx w3bd3vil
2014-11-12 - Waiting verification   CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability windows LiquidWorm

Shellcode

Date D   Description Plat. Author
2014-11-10   Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes) linux Breaking.Technolo.
2014-09-25   Linux/x86 Add map in /etc/hosts file lin_x86 Javier Tejedor
2014-09-15   Connect Back Shellcode - 139 bytes linux MadMouse
2014-09-09   Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash linux Ali Razmjoo
2014-08-04   Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Root User (ALI/ALI) & Execute /bin/sh linux Ali Razmjoo
2014-06-22   Windows All Versions - Add Admin User Shellcode (194 bytes) windows Giuseppe D'Amore
2014-07-14   Socket Re-use Shellcode for Linux x86 (50 bytes) lin_x86 ZadYree

Papers

Date D   Description Author
2014-11-24 Deep Dive into ROP Payload Analysis Sudeep Singh
2014-11-06 [Hebrew] Digital Whisper Security Magazine #53 cp77fk4r & UnderW.
2014-11-06 [Hebrew] Digital Whisper Security Magazine #54 cp77fk4r & UnderW.
2014-11-06 [Hebrew] Digital Whisper Security Magazine #55 cp77fk4r & UnderW.
2014-11-03 Exploiting CVE-2014-4113 on Windows 8.1 Moritz Jodeit
2014-09-20   Exploração de código remoto: uma técnica bastante eficaz F0rb1dd3n .