CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2013-05-17 - Verified   Mutiny 5 Arbitrary File Upload 1617 linux metasploit
2013-05-14 - Verified   SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution 1805 multiple metasploit
2013-05-14 - Verified   SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution 869 multiple metasploit
2013-05-07 - Verified   Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability 6590 windows metasploit
2013-05-07 - Waiting verification   Dovecot with Exim sender_address Parameter - Remote Command Execution 1955 linux RedTeam Pentestin.

Local Exploits

Date D A V   Description Plat. Author
2013-05-14 - Waiting verification   Linux PERF_EVENTS - Local Root Exploit 4943 linux sd
2013-05-14 - Verified   ERS Viewer 2011 ERS File Handling Buffer Overflow 535 windows metasploit
2013-05-14 - Waiting verification   Linux Kernel open-time Capability file_ns_capable() Privilege Escalation 1702 linux Andrew Lutomirski
2013-05-13 Download Vulnerable Application Verified   Kloxo 6.1.6 - Local Privilege Escalation 971 linux HTP
2013-05-13 Download Vulnerable Application Waiting verification   No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow 854 linux Alberto Ortega
2013-05-13 Download Vulnerable Application Verified   Adrenalin Player 2.2.5.3 - Buffer Overflow Exploit (SEH) 119 windows seaofglass

Web Applications

Date D A V   Description Plat. Author
2013-05-17 Download Vulnerable Application Waiting verification   Persistent XSS in CKEditor <4.1 via WYSIWYG module Drupal 6.x & 7.x 1801 php r0ng
2013-05-17 Download Vulnerable Application Verified   php-Charts 1.0 - Code Execution Vulnerability 706 php fizzle stick
2013-05-17 - Waiting verification   Exponent CMS 2.2.0 beta 3 - Multiple Vulnerabilities 821 php High-Tech Bridge .
2013-04-16 - Waiting verification   ZPanel templateparser.class.php Crafted Template Remote Command Execution 653 php Sven Slootweg
2013-05-14 Download Vulnerable Application Verified   Wordpress wp-FileManager - Arbitrary File Download Vulnerability 2971 php ByEge
2013-05-14 - Verified   IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) - Admin Account Takeover 2821 php John JEAN

DoS/PoC

Date D A V   Description Plat. Author
2013-05-17 Download Vulnerable Application Waiting verification   nginx 1.3.9-1.4.0 DoS PoC 1868 linux Mert SARICA
2013-05-15 Download Vulnerable Application Verified   Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service 606 windows Sapling
2013-05-14 Download Vulnerable Application Verified   Quick Search Version 1.1.0.189 Buffer Overflow Vulnerability (SEH) 314 windows ariarat
2013-05-13 Download Vulnerable Application Verified   MiniWeb MiniWeb HTTP Server (build 300) - Crash PoC 150 windows dmnt
2013-05-11 Download Vulnerable Application Verified   Lan Messenger sending PM Buffer Overflow(UNICODE) - Overwrite SEH 697 windows ariarat
2013-04-22 - Verified   Flightgear 2.0, 2.4 - Remote Format String Exploit 444 windows Kurono

Shellcode

Date D   Description Plat. Author
2013-01-24   Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode 9644 windows RubberDuck
2012-12-24   Linux/x86 Remote Port Forwarding Shellcode 87 bytes 7860 lin/x86 Hamza Megahed
2012-11-05   Windows XP PRO SP3 - Full ROP calc shellcode 21229 windows b33f
2012-09-11   [Raspberry Pi] Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337) 9640 arm midnitesnake
2012-09-11   [Raspberry Pi] Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes 4146 arm midnitesnake
2012-09-11   [Raspberry Pi] Linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes 4920 arm midnitesnake
2012-08-02   Linux x86 ASLR deactivation - 83 bytes 6831 lin/x86 Jean Pascal Perei.

Papers

Date D   Description Author
2013-05-08   HTP Zine 5 HTP
2013-05-06 [Hebrew] Digital Whisper Security Magazine #41 cp77fk4r and Unde.
2013-04-08 Novell GroupWise Untrusted Pointer Dereference Exploitation High-Tech Bridge .
2013-04-02 CUDA Cracking Rohit Shaw and Ut.
2013-03-28 [Spanish] Wireless Network Security Pandemic
2013-03-25 Hacking Trust Relationships Between SIP Gateways Fatih Ozavci