CVE Certified

The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D A V   Description Plat. Author
2015-02-27 - Waiting verification   Persistent Systems Client Automation Command Injection RCE windows Ben Turner
2015-02-14 - Waiting verification   PCMan FTP Server 2.0.7 - Buffer Overflow - MKD Command windows R-73eN
2015-02-24 - Verified   HP Client Automation Command Injection multiple metasploit
2015-02-19 Download Vulnerable Application Waiting verification   jQuery jui_filter_rules PHP Code Execution php Timo Schmid
2015-02-17 Download Vulnerable Application Verified   X360 VideoPlayer ActiveX Control Buffer Overflow windows metasploit
2015-02-17 - Verified   Java JMX Server Insecure Configuration Java Code Execution java metasploit
2015-02-11 - Verified   Achat v0.150 beta7 Buffer Overflow windows metasploit

Local Exploits

Date D A V   Description Plat. Author
2015-02-26 - Waiting verification   Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities windows LiquidWorm
2015-02-26 - Waiting verification   Ubisoft Uplay 5.0 - Insecure File Permissions Local Privilege Escalation windows LiquidWorm
2015-02-13 - Waiting verification   Realtek 11n Wireless LAN utility - Privilege Escalation windows Humberto Cabrera
2015-02-11 - Waiting verification   SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation windows Parvez Anwar
2015-02-11 Download Vulnerable Application Waiting verification   MooPlayer 1.3.0 'm3u' SEH Buffer Overflow windows dogo h@ck
2015-02-04 - Waiting verification   AVG Internet Security 2015 Arbitrary Write Privilege Escalation windows Parvez Anwar
2015-02-04 - Waiting verification   BullGuard Multiple Products Arbitrary Write Privilege Escalation windows Parvez Anwar

Web Applications

Date D A V   Description Plat. Author
2015-03-01 - Verified   Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day) hardware OJ Reeves
2015-02-13 Download Vulnerable Application Verified   WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection php Mateusz Lach
2015-02-16 - Waiting verification   WonderPlugin Audio Player 2.0 - Blind SQL Injection and XSS php Kacper Szurek
2015-02-23 - Waiting verification   Beehive Forum 1.4.4 - Stored XSS Vulnerability php Halil Dalabasmaz
2015-02-23 Download Vulnerable Application Waiting verification   WeBid 1.1.1 Unrestricted File Upload Exploit php CWH Underground

DoS/PoC

Date D A V   Description Plat. Author
2015-02-26 - Waiting verification   SQLite3 3.8.6 - Controlled Memory Corruption PoC linux Andras Kabai
2015-02-22 Download Vulnerable Application Waiting verification   Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC windows Praveen Darshanam
2015-02-23 - Waiting verification   PHP DateTime Use After Free Vulnerability php Taoguang Chen
2015-02-09 Download Vulnerable Application Waiting verification   MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC windows Samandeep Singh
2015-02-08 - Waiting verification   Chemtool 1.6.14 - Memory Corruption Vulnerability linux Pablo González
2015-01-23 - Waiting verification   IceCream Ebook Reader 1.41 - Crash PoC windows Kapil Soni
2015-01-29 - Waiting verification   Exim ESMTP 4.80 glibc gethostbyname - Denial of Service linux 1n3

Shellcode

Date D   Description Plat. Author
2015-01-22   Linux MIPS execve (36 bytes) linux Sanguine
2015-01-13   Obfuscated Shellcode Windows x86 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service win32 Ali Razmjoo
2015-01-13   Obfuscated Shellcode Windows x64 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service win64 Ali Razmjoo
2014-12-11   Linux x86 rmdir - 37 bytes Stack shellcode linux kw4
2014-12-22   x64 Linux bind TCP port shellcode (81 bytes, 96 with password) lin_x86-64 Sean Dillon
2014-12-22   x64 Linux reverse TCP connect shellcode (77 to 85 bytes, 90 to 98 with password) lin_x86-64 Sean Dillon
2014-11-10   Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes) linux Breaking.Technolo.

Papers

Date D   Description Author
2015-02-13 [Hebrew] Digital Whisper Security Magazine #58 cp77fk4r & UnderW.
2015-02-09   Exploit-Sources (Part One) Flor Ian
2015-01-30 Ghost Vulnerability CVE-2015-0235 White Paper Rajivarnan
2015-01-29 Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability) Ronnie Johndas
2015-01-01 [Hebrew] Digital Whisper Security Magazine #57 cp77fk4r & UnderW.
2014-12-29   Anatomy of Exploit - World of Shellcode Flor Ian
2014-12-15   Backdooring with netcat shellcode Flor Ian