The Exploit Database
The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
Remote Exploits
| Date | D | A | V | Description | Plat. | Author | |
|---|---|---|---|---|---|---|---|
| 2010-10-21 |
|
- |
|
Sawmill Enterprise < v8.1.7.3 Multiple Vulnerabilities | 300 | multiple | SEC Consult |
| 2010-10-21 |
|
- |
|
Adobe Shockwave player rcsL chunk memory corruption 0day | 1930 | windows | Abysssec |
| 2010-10-20 |
|
- |
|
MS10-070 ASP.NET Auto-Decryptor File Download Exploit | 1694 | windows | Agustin Azubel |
| 2010-10-20 |
|
- |
|
Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass | 714 | windows | Roberto Suggi Liv. |
| 2010-10-17 |
|
- |
|
Windows NTLM Weak Nonce Vulnerability | 3432 | windows | Hernan Ochoa |
| 2010-10-17 |
|
- |
|
MS10-070 ASP.NET Padding Oracle File Download | 1641 | asp | Agustin Azubel |
| 2010-10-13 |
|
- |
|
Oracle Virtual Server Agent Command Injection | 1295 | unix | Nahuel Grisolia |
Local Exploits
| Date | D | A | V | Description | Plat. | Author | |
|---|---|---|---|---|---|---|---|
| 2010-10-19 |
|
|
|
Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit | 541 | windows | Mighty-D |
| 2010-10-19 |
|
- |
|
Linux RDS Protocol Local Privilege Escalation | 1990 | linux | Dan Rosenberg |
| 2010-10-18 |
|
|
|
FatPlayer 0.6b Malicious WAV Buffer Overflow Vulnerability (SEH) | 342 | windows | James Fitts |
| 2010-10-18 |
|
- |
|
GNU C library dynamic linker $ORIGIN expansion Vulnerability | 2109 | linux | Tavis Ormandy |
| 2010-10-13 |
|
- |
|
Oracle Solaris CVE-2010-3503 'su' Local Solaris Vulnerability | 992 | solaris | prdelka |
| 2010-10-04 |
|
|
|
SnackAmp 3.1.3B Malicious SMP Buffer Overflow Vulnerability (SEH - DEP BYPASS) | 818 | windows | Muhamad Fadzil Ra. |
| 2010-10-04 |
|
- |
|
FreeBSD 'pseudofs' NULL Pointer Dereference Local Privilege Escalation Vulnerability | 1459 | bsd | Babcia Padlina |
Web Applications
| Date | D | A | V | Description | Plat. | Author | |
|---|---|---|---|---|---|---|---|
| 2010-10-21 |
|
- |
|
Squirrelcart PRO 3.0.0 Blind SQL Injection Vulnerability | 262 | php | Salvatore Fresta |
| 2010-10-21 |
|
|
|
sNews CMS Multiple XSS Vulnerabilities | 427 | php | High-Tech Bridge . |
| 2010-10-20 |
|
- |
|
Oracle Sun Java System Web Server - HTTP Response Splitting | 608 | jsp | Roberto Suggi Liv. |
| 2010-10-19 |
|
|
|
phpCheckZ 1.1.0 Blind SQL Injection Vulnerability | 808 | php | Salvatore Fresta |
| 2010-10-19 |
|
- |
|
Event Ticket Portal Script Admin Password Change CSRF Vulnerability | 585 | php | KnocKout |
| 2010-10-19 |
|
- |
|
Travel Portal Script Admin Password Change CSRF Vulnerability | 480 | php | KnocKout |
| 2010-10-18 |
|
- |
|
CubeCart 2.0.1 SQL Injection Vulnerability | 1088 | php | X_AviaTique_X |
DoS/PoC
| Date | D | A | V | Description | Plat. | Author | |
|---|---|---|---|---|---|---|---|
| 2010-10-21 |
|
|
|
Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability | 111 | windows | LiquidWorm |
| 2010-10-21 |
|
|
|
Windows Mobile 6.1 and 6.5 Double Free Denial of Service | 267 | windows | musashi karak0rsa. |
| 2010-10-20 |
|
- |
|
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form | 185 | linux | Core Security |
| 2010-10-19 |
|
|
|
Hanso Converter 1.1.0 .ogg Denial of Service Vulnerability | 282 | windows | anT!-Tr0J4n |
| 2010-10-17 |
|
|
|
Opera v10.63 SVG animation Element Denial of Service | 451 | multiple | fla |
| 2010-10-17 |
|
- |
|
Novel eDirectory DHost Console 8.8 SP3 Local SEH Overwrite | 297 | windows | d0lc3 |
| 2010-10-16 |
|
|
|
PHP Hosting Directory 2.0 Database Disclosure Exploit (.py) | 552 | aix | ZoRLu |
Shellcode
| Date | D | Description | Plat. | Author | |
|---|---|---|---|---|---|
| 2010-10-04 |
|
win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes | 3105 | windows | Anastasios Monach. |
| 2010-10-04 |
|
generic win32 - add new local administrator 326 bytes | 1389 | windows | Anastasios Monach. |
| 2010-09-27 |
|
Windows Mobile 6.5 TR Phone Call Shellcode | 1108 | windows | Celil Ünüver |
| 2010-09-26 |
|
Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM) | 672 | windows | Celil Ünüver |
| 2010-09-20 |
|
win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes | 2948 | windows | ZoRLu |
| 2010-09-05 |
|
Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes | 1708 | arm | Jonathan Salwan |
| 2010-09-02 |
|
Shellcode Checksum Routine | 1806 | win32 | dijital1 |