The Exploit Database – ultimate archive of Exploits, Shellcode, and Security Papers. New to the site? Learn about the Exploit Database.
The Exploit Database (EDB) is a CVE compliant archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our goal is to collect exploits from various sources and concentrate them in one, easy to navigate database
Download the Exploit Database Archive
The Google Hacking Database (GHDB) is a collection of interesting Google searches which find, identify or expose information which could be useful for penetration testers or security auditors such as advertised vulnerabilities, exposed credentials and more.
Visit the Google Hacking Database
This exploit category includes exploits for remote services or applications, including client side exploits.
| Date | D | A | V | Title | Platform | Author |
|---|---|---|---|---|---|---|
| 2016-04-01 |
|
- |
|
PHP <= 7.0.4/5.5.33 - SNMP Format String Exploit | multiple | Andrew Kramer |
| 2016-03-31 |
|
- |
|
Apache Jetspeed Arbitrary File Upload | java | metasploit |
| 2012-12-30 |
|
- |
|
LShell <= 0.9.15 - Remote Code Execution | linux | drone |
| 2016-03-30 |
|
|
|
ATutor 2.2.1 Directory Traversal / Remote Code Execution | php | metasploit |
| 2016-03-30 |
|
- |
|
Metaphor - Stagefright Exploit with ASLR Bypass | android | NorthBit |
| 2016-03-29 |
|
- |
|
Adobe Flash - Object.unwatch Use-After-Free Exploit | multiple | Google Securit. |
| 2016-03-23 |
|
- |
|
Multiple CCTV-DVR Vendors - Remote Code Execution | hardware | K1P0D |
This exploit category includes exploits for web applications.
| Date | D | A | V | Title | Platform | Author |
|---|---|---|---|---|---|---|
| 2016-04-04 |
|
- |
|
PQI Air Pen Express 6W51-0000R2 and 6W51-0000R2XXX - Multiple Vulnerabilities | hardware | Orwelllabs |
| 2016-04-01 |
|
|
|
WordPress Advanced Video Plugin 1.0 - Local File Inclusion (LFI) | php | evait security. |
| 2016-03-31 |
|
- |
|
MOBOTIX Video Security Cameras - CSRF Add Admin Exploit | hardware | LiquidWorm |
| 2016-03-31 |
|
- |
|
Apache OpenMeetings 1.9.x - 3.1.0 - ZIP File path Traversal | linux | Andreas Lindh |
| 2016-03-27 |
|
|
|
Wordpress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion | php | CrashBandicot |
| 2016-03-27 |
|
|
|
WordPress Photocart Link Plugin 1.6 - Local File Inclusion | php | CrashBandicot |
| 2016-03-30 |
|
|
|
CubeCart 6.0.10 - Multiple Vulnerabilities | php | High-Tech Brid. |
This exploit category includes local exploits or privilege escalation exploits.
This exploit category includes proof of concept code or code that results in a denial of service or application crash.
| Date | D | A | V | Title | Platform | Author |
|---|---|---|---|---|---|---|
| 2016-04-04 |
|
|
|
Xion Audio Player <= 1.5 (build 160) - .mp3 Crash PoC | windows | Charley Celice |
| 2016-04-04 |
|
|
|
Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow | multiple | PizzaHatHacker |
| 2016-04-01 |
|
- |
|
Windows Kernel - Bitmap Use-After-Free | windows | Nils Sommer |
| 2016-04-01 |
|
- |
|
Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read | windows | Nils Sommer |
| 2016-04-01 |
|
- |
|
Adobe Flash - URLStream.readObject Use-After-Free | multiple | Google Securit. |
| 2016-04-01 |
|
- |
|
Adobe Flash - TextField.maxChars Use-After-Free | multiple | Google Securit. |
| 2016-04-01 |
|
- |
|
Android - ih264d_process_intra_mb Memory Corruption | android | Google Securit. |
This category includes archived shellcode.
| Date | D | Title | Platform | Author |
|---|---|---|---|---|
| 2016-03-28 |
|
Linux/x86_x64 - execve(/bin/sh) - 25 bytes | lin_x86-64 | Ajith Kp |
| 2016-03-28 |
|
Linux/x86_x64 - execve(/bin/bash) - 33 bytes | lin_x86-64 | Ajith Kp |
| 2016-03-24 |
|
Linux/x86_x64 - execve(/bin/sh) - 26 bytes | lin_x86-64 | Ajith Kp |
| 2016-03-02 |
|
x86 Windows Null-Free Download & Run via WebDAV Shellcode (96 bytes) | win32 | Sean Dillon |
| 2016-02-26 |
|
Linux/ARM - Connect back to {ip:port} with /bin/sh - 95 bytes | arm | Xeon |
| 2016-02-01 |
|
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version v2 | lin_x86-64 | Sathish kumar |
| 2016-02-01 |
|
Linux x86 Download & Execute Shellcode | lin_x86 | B3mB4m |
Archived security papers in all languages.