WePresent WiPG-1000 Command Injection Exploit

Disclosed: April 20, 2017

This module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version was confirmed vulnerable, patched this vulnerability.

Mercurial Custom hg-ssh Wrapper Remote Code Exec Exploit

Disclosed: April 18, 2017

This module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.

Huawei HG532n Command Injection Exploit

Disclosed: April 15, 2017

This module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's tel...

Microsoft Office Word Malicious Hta Execution Exploit

Disclosed: April 14, 2017

This module creates a malicious RTF file that, when opened in vulnerable versions of Microsoft Word, leads to code execution. The flaw exists in how an OLE link object can make an HTTP(S) request and execute HTA code in the response. This bug was originally seen being exploited in the wild starting in Oct 201...

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution Exploit

Disclosed: April 10, 2017

This module exploits two vulnerabilities in the Trend Micro Threat Discovery Appliance. The first is an authentication bypass via a file delete in logoff.cgi, which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a command-injection flaw using the timezone parameter in the admin_s...

SolarWinds LEM Default SSH Password Remote Code Execution Exploit

Disclosed: March 17, 2017

This module exploits the default credentials of SolarWinds LEM. A menu system is presented when the SSH service is accessed with the default username "cmc" and password "password". By exploiting a vulnerability that exists in the menu script, an attacker can escape from the restricted shell. This module was t...

Disk Sorter Enterprise GET Buffer Overflow Exploit

Disclosed: March 15, 2017

This module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.

Github Enterprise Default Session Secret And Deserialization Vulnerability Exploit

Disclosed: March 15, 2017

This module exploits two security issues in GitHub Enterprise, versions 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second is the use of unsafe deserialization, which allows the malicious Ruby obje...

DnaLIMS Directory Traversal Exploit

Disclosed: March 08, 2017

This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible to read a file outside the www directory.

dnaLIMS Admin Module Command Execution Exploit

Disclosed: March 08, 2017

This module exploits an administrative module in dnaLIMS that allows command execution. The page is completely unprotected by any authentication when it receives a POST request.