CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2014-12-19 - Waiting verification   Varnish Cache CLI Interface Remote Code Execution linux Patrick Webster
2014-12-16 Download Vulnerable Application Verified   ActualAnalyzer 'ant' Cookie Command Execution unix metasploit
2014-12-02 - Waiting verification   tnftp - clientside BSD exploit bsd dash
2014-12-15 - Verified   Tuleap PHP Unserialize Code Execution php metasploit
2014-11-24 - Waiting verification   JourneyMap 5.0.0RC2 Ultimate Edition - DoS (Resource Consumption) multiple CovertCodes
2014-12-02 - Waiting verification   Tiny Server 1.1.9 - Arbitrary File Disclosure Exploit windows ZoRLu Bugrahan

Local Exploits

Date D A V   Description Plat. Author
2014-12-15 - Waiting verification   Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.m3u) windows s-dz
2014-12-15 - Waiting verification   Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.lst) windows s-dz
2014-12-15 - Waiting verification   jaangle 0.98i.977 - Denial of Service Vulnerability windows s-dz
2014-12-03 - Waiting verification   BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit windows Muhamad Fadzil Ra.
2014-12-03 - Waiting verification   VFU 4.10-1.1 - Buffer Overflow linux Juan Sacco
2014-12-09 - Waiting verification   Advantech AdamView 4.30.003 - (.gni) SEH Buffer Overflow windows Muhamad Fadzil Ra.
2014-12-05 - Waiting verification   Offset2lib: Bypassing Full ASLR On 64bit Linux lin_amd64 Packet Storm

Web Applications

Date D A V   Description Plat. Author
2014-12-19 Download Vulnerable Application Waiting verification   Cacti Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection Exploit php Wireghoul
2014-12-19 Download Vulnerable Application Waiting verification   miniBB 3.1 - Blind SQL Injection php Kacper Szurek
2014-12-17 - Waiting verification   CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution hardware Chako
2014-12-02 Download Vulnerable Application Waiting verification   ProjectSend r-561 - Arbitrary File Upload php Fady Mohammed Osm.
2014-12-02 Download Vulnerable Application Waiting verification   SQL Buddy 1.3.3 - Remote Code Execution php Fady Mohammed Osm.
2014-12-16 - Waiting verification   CMS Papoo 6.0.0 Rev. 4701 - Stored XSS php Steffen Rösemann
2014-12-09 - Waiting verification   Wordpress Plugin Symposium 14.10 - SQL Injection php Kacper Szurek

DoS/PoC

Date D A V   Description Plat. Author
2014-12-19 - Waiting verification   Ettercap 0.8.0-0.8.1 - Multiple Denial of Service Vulnerabilities linux Nick Sampanis
2014-12-15 - Waiting verification   phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS php Javer Nieto and A.
2014-11-22 - Waiting verification   Microsoft Windows Win32k.sys - Denial of Service windows Kedamsky
2014-11-24 - Waiting verification   RobotStats 1.0 - HTML Injection Vulnerability aix ZoRLu Bugrahan
2014-11-26 - Waiting verification   Elipse E3 HTTP Denial of Service windows firebitsbr
2014-11-26 - Waiting verification   Android WAPPushManager - SQL Injection android Baidu X-Team
2014-11-25 - Waiting verification   TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF windows LiquidWorm

Shellcode

Date D   Description Plat. Author
2014-11-10   Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes) linux Breaking.Technolo.
2014-09-25   Linux/x86 Add map in /etc/hosts file lin_x86 Javier Tejedor
2014-09-15   Connect Back Shellcode - 139 bytes linux MadMouse
2014-09-09   Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash linux Ali Razmjoo
2014-08-04   Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Root User (ALI/ALI) & Execute /bin/sh linux Ali Razmjoo
2014-06-22   Windows All Versions - Add Admin User Shellcode (194 bytes) windows Giuseppe D'Amore
2014-07-14   Socket Re-use Shellcode for Linux x86 (50 bytes) lin_x86 ZadYree

Papers

Date D   Description Author
2014-12-15   Backdooring with netcat shellcode Flor Ian
2014-12-15 Socket Learning Flor Ian
2014-12-15 [Turkish] Codesys SEH Exploit Tutorial Paper Bekir Karul
2014-12-05 [Hebrew] Digital Whisper Security Magazine #56 cp77fk4r & UnderW.
2014-12-02   NMAP - Port-Scanning: A Practical Approach Modified for better Flor Ian
2014-12-03 [Turkish] How to Bypass SafeSEH and Stack Cookie Protection Bekir Karul
2014-11-27 PoC || GTFO 0x06 Rt. Revd. Dr.