CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2014-09-13 Download Vulnerable Application Waiting verification   Ammyy Admin 3.5 - RCE windows scriptjunkie
2014-10-27 - Verified   Centreon SQL and Command Injection unix metasploit
2014-10-25 - Waiting verification   Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060) windows Mike Czumak
2014-10-21 - Verified   Numara / BMC Track-It! FileStorageService Arbitrary File Upload windows metasploit
2014-10-21 - Verified   Joomla Akeeba Kickstart Unserialize Remote Code Execution php metasploit

Local Exploits

Date D A V   Description Plat. Author
2014-10-27 - Waiting verification   Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass and Privilege Escalation windows Giuseppe D'Amore
2014-10-28 - Verified   Windows TrackPopupMenu Win32k NULL Pointer Dereference windows metasploit
2014-10-27 Download Vulnerable Application Verified   Free WMA MP3 Converter 1.8 (.wav) - Buffer Overflow windows metacom
2014-10-22 - Waiting verification   iBackup 10.0.0.32 - Local Privilege Escalation windows Glafkos Charalamb.
2014-10-20 - Waiting verification   Windows OLE Package Manager SandWorm Exploit windows Vlad Ovtchinikov
2014-10-20 - Verified   MS14-060 Microsoft Windows OLE Package Manager Code Execution win32 metasploit

Web Applications

Date D A V   Description Plat. Author
2014-10-28 - Waiting verification   Enalean Tuleap 7.4.99.5 - Blind SQL Injection php Portcullis
2014-10-28 - Waiting verification   Enalean Tuleap 7.2 - XXE File Disclosure php Portcullis
2014-10-28 - Waiting verification   Enalean Tuleap 7.4.99.5 - Remote Command Execution php Portcullis
2014-10-28 - Waiting verification   vBulletin Tapatalk - Blind SQL Injection php tintinweb
2014-09-09 - Waiting verification   Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities php alieye

DoS/PoC

Date D A V   Description Plat. Author
2014-10-27 - Verified   Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash linux Michal Zalewski
2014-10-25 - Waiting verification   OpenBSD <= 5.5 - Local Kernel Panic bsd nitr0us
2014-10-17 - Verified   SAP Netweaver Enqueue Server - Denial of Service windows Core Security
2014-10-02 - Waiting verification   TeamSpeak Client 3.0.14 - Buffer Overflow Vulnerability windows SpyEye and Christ.
2014-09-24 - Waiting verification   WS10 Data Server SCADA Exploit Overflow PoC windows Pedro Sánchez
2014-09-20 - Waiting verification   Fast Image Resizer 098 - Local Crash Poc windows niko sec
2014-09-20 - Waiting verification   Seafile-server <= 3.1.5 - Remote DoS windows nop nop

Shellcode

Date D   Description Plat. Author
2014-09-15   Connect Back Shellcode - 139 bytes linux MadMouse
2014-09-09   Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash linux Ali Razmjoo
2014-08-04   Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Root User (ALI/ALI) & Execute /bin/sh linux Ali Razmjoo
2014-06-22   Windows All Versions - Add Admin User Shellcode (194 bytes) windows Giuseppe D'Amore
2014-07-14   Socket Re-use Shellcode for Linux x86 (50 bytes) lin_x86 ZadYree
2013-11-04   MIPS Little Endian Reverse Shell Shellcode (Linux) hardware Jacob Holcomb
2013-10-16   Messagebox Shellcode (113 bytes) - Any Windows Version windows Giuseppe D'Amore

Papers

Date D   Description Author
2014-09-20   Exploração de código remoto: uma técnica bastante eficaz F0rb1dd3n .
2014-10-02 Technical Information on Vulnerabilities of Hypercall Handlers Aleksandar Milenk.
2014-09-09 Breaking the Sandbox Sudeep Singh
2014-09-01 [Spanish] Design and Implementation of a Voice Encryption System for Telephone Networks Fabian Valero Duq.
2014-09-01 Outsmarted - Why Malware Works in the Face of Antivirus Software SySS GmbH
2014-08-09 [Romanian] Stack Based Buffer Overflow Poyo VL
2014-07-29 [Turkish] SQLMap CSRF Bypass ibrahim balic