CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2014-08-24 - Waiting verification   Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities ios Samandeep Singh
2014-08-21 Download Vulnerable Application Verified   HybridAuth install.php PHP Code Execution php metasploit
2014-08-19 - Verified   Firefox toString console.time Privileged Javascript Injection multiple metasploit
2014-08-19 - Verified   Gitlab-shell Code Execution linux metasploit
2014-08-14 - Waiting verification   VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution linux metasploit
2014-08-14 Download Vulnerable Application Verified   VirtualBox 3D Acceleration Virtual Machine Escape win64 metasploit
2014-07-28 Download Vulnerable Application Waiting verification   Oxwall 1.7.0 - Remote Code Execution Exploit php LiquidWorm

Local Exploits

Date D A V   Description Plat. Author
2014-08-20 Download Vulnerable Application Waiting verification   BlazeDVD Pro 7.0 (.plf) - Buffer Overflow (SEH) windows metacom
2014-08-13 - Verified   VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation windows metasploit
2014-08-12 Download Vulnerable Application Verified   BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET) windows Giovanni Bartolom.
2014-08-05 - Verified   Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow windows ryujin & sickness
2014-07-25 - Verified   MQAC.sys Arbitrary Write Privilege Escalation win32 metasploit
2014-07-19 - Waiting verification   Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation windows KoreLogic

Web Applications

Date D A V   Description Plat. Author
2014-08-25 - Waiting verification   Innovaphone PBX Admin-GUI - CSRF Vulnerability multiple Rainer Giedat
2014-08-25 - Verified   ManageEngine Password Manager MetadataServlet.dat SQL Injection multiple Pedro Ribeiro
2014-08-21 Download Vulnerable Application Verified   MyBB 1.8 Beta 3 - Multiple Vulnerabilities php DemoLisH B3yaZ
2014-08-06 - Waiting verification   Feng Office - Stored XSS php Juan Sacco
2014-08-18 - Waiting verification   Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability hardware zixian

DoS/PoC

Date D A V   Description Plat. Author
2014-08-09 - Waiting verification   SHARP MX Series - Denial of Service hardware pws
2014-08-09 - Waiting verification   Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm hardware Matt O'Connor
2014-07-24 Download Vulnerable Application Verified   BulletProof FTP Client 2010 - Buffer Overflow (SEH) windows Gabor Seljan
2014-07-24 - Verified   Make 3.81 - Heap Overflow PoC linux HyP
2014-07-22 Download Vulnerable Application Waiting verification   DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation windows drone
2014-07-21 - Waiting verification   World Of Warcraft 3.3.5a (macros-cache.txt) - Stack Overflow windows Alireza Chegini
2014-07-21 - Waiting verification   Apache 2.4.7 mod_status Scoreboard Handling Race Condition linux Marek Kroemeke

Shellcode

Date D   Description Plat. Author
2014-08-04   Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Root User (ALI/ALI) & Execute /bin/sh linux Ali Razmjoo
2014-06-22   Windows All Versions - Add Admin User Shellcode (194 bytes) windows Giuseppe D'Amore
2014-07-14   Socket Re-use Shellcode for Linux x86 (50 bytes) lin_x86 ZadYree
2013-11-04   MIPS Little Endian Reverse Shell Shellcode (Linux) hardware Jacob Holcomb
2013-10-16   Messagebox Shellcode (113 bytes) - Any Windows Version windows Giuseppe D'Amore
2013-09-23   Linux/x86 Multi-Egghunter lin_x86 Ryan Fenno
2013-07-28   Windows RT ARM Bind Shell (Port 4444) arm Matthew Graeber

Papers

Date D   Description Author
2014-08-09 [Romanian] Stack Based Buffer Overflow Poyo VL
2014-07-29 [Turkish] SQLMap CSRF Bypass ibrahim balic
2014-07-02 [Hebrew] Digital Whisper Security Magazine #52 cp77fk4r & UnderW.
2014-06-30   Back To The Future: Unix Wildcards Gone Wild Leon Juranic
2014-06-29   Asterisk Phreaking How-To Akra Macha
2014-06-30 The Ultimate XSS Protection Cheat Sheet for Developers Ajin Abraham
2014-06-28 PoC || GTFO 0x04 Rt. Revd. Dr.