The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2015-01-20 Download Vulnerable Application Waiting verification   Bsplayer 2.68 - HTTP Response Buffer Overflow windows Fady Mohammed Osm.
2015-01-20 - Verified   ManageEngine Multiple Products Authenticated File Upload java metasploit
2015-01-19 - Waiting verification   Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution windows Praveen Darshanam
2015-01-13 - Verified   Lexmark MarkVision Enterprise Arbitrary File Upload java metasploit
2015-01-13 - Verified   Oracle MySQL for Microsoft Windows FILE Privilege Abuse windows metasploit
2015-01-13 - Verified   WordPress WP Symposium 14.11 Shell Upload php metasploit
2015-01-08 - Verified   Pandora v3.1 - Auth Bypass and Arbitrary File Upload Vulnerability php metasploit

Local Exploits

Date D A V   Description Plat. Author
2015-01-18 - Verified   Windows < 8.1 (32/64 bit) - Privilege Escalation (User Profile Service) (MS15-003) windows Google Security R.
2015-01-16 - Waiting verification   Sim Editor 6.6 - Stack Based Buffer Overflow windows Osanda Malith
2015-01-20 - Verified   OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape osx Google Security R.
2015-01-20 - Verified   OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference osx Google Security R.
2015-01-10 Download Vulnerable Application Waiting verification   Palringo 2.8.1 - Stack Buffer Overflow (PoC) windows Mr.ALmfL9
2015-01-11 - Waiting verification   RedStar 3.0 Desktop - Privilege Escalation (Enable sudo) linux prdelka & sfan.
2015-01-11 - Waiting verification   RedStar 2.0 Desktop - Privilege Escalation (World-writeable rc.sysinit) linux prdelka

Web Applications

Date D A V   Description Plat. Author
2015-01-20 Download Vulnerable Application Waiting verification   RedaxScript 2.1.0 - Privilege Escalation php shyamkumar somana
2015-01-20 - Waiting verification   WordPress Pixarbay Images Plugin 2.3 - Multiple Vulnerabilities php Hans-Martin Muenc.
2015-01-09 - Waiting verification   vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion, SQL Injection & XSS php Technidev
2015-01-11 - Waiting verification   D-Link DSL-2730B Modem - XSS Injection Stored Exploit DnsProxy.cmd hardware Mauricio Correa
2015-01-11 - Waiting verification   D-Link DSL-2730B Modem - XSS Injection Stored Exploit Lancfg2get.cgi hardware Mauricio Correa
2015-01-14 - Waiting verification   Ansible Tower 2.0.2 - Multiple Vulnerabilities multiple SEC Consult
2015-01-13 - Waiting verification   Gecko CMS 2.3 - Multiple Vulnerabilities php LiquidWorm

DoS/PoC

Date D A V   Description Plat. Author
2015-01-21 - Verified   Crystal Player 1.99 - Memory Corruption Vulnerability windows Kapil Soni
2015-01-22 Download Vulnerable Application Waiting verification   Exif Pilot 4.7.2 - SEH Based Buffer Overflow windows Osanda M. Jayathi.
2015-01-20 Download Vulnerable Application Waiting verification   MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS windows Parvez Anwar
2015-01-20 - Verified   OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference osx Google Security R.
2014-12-12 - Verified   JetAudio 8.1.3 - (Corrupted mp4) Crash POC windows Drozdova Liudmila
2014-12-12 - Verified   Winamp 5.666 build 3516 - (Corrupted flv) Crash POC windows Drozdova Liudmila
2015-01-13 - Verified   OS X 10.10 Bluetooth DispatchHCICreateConnection - Crash PoC osx rpaleari and joys.

Shellcode

Date D   Description Plat. Author
2015-01-13   Obfuscated Shellcode Windows x86 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service win32 Ali Razmjoo
2015-01-13   Obfuscated Shellcode Windows x64 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service win64 Ali Razmjoo
2014-12-11   Linux x86 rmdir - 37 bytes Stack shellcode linux kw4
2014-12-22   x64 Linux bind TCP port shellcode (81 bytes, 96 with password) lin_x86-64 Sean Dillon
2014-12-22   x64 Linux reverse TCP connect shellcode (77 to 85 bytes, 90 to 98 with password) lin_x86-64 Sean Dillon
2014-11-10   Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes) linux Breaking.Technolo.
2014-09-25   Linux/x86 Add map in /etc/hosts file lin_x86 Javier Tejedor

Papers

Date D   Description Author
2015-01-01 [Hebrew] Digital Whisper Security Magazine #57 cp77fk4r & UnderW.
2014-12-29   Anatomy of Exploit - World of Shellcode Flor Ian
2014-12-15   Backdooring with netcat shellcode Flor Ian
2014-12-15 Socket Learning Flor Ian
2014-12-15 [Turkish] Codesys SEH Exploit Tutorial Paper Bekir Karul
2014-12-05 [Hebrew] Digital Whisper Security Magazine #56 cp77fk4r & UnderW.
2014-12-02   NMAP - Port-Scanning: A Practical Approach Modified for better Flor Ian