Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 1 - 10 of 3536 in total

Mac OS X Root Privilege Escalation Exploit

Disclosed: November 29, 2017

This module exploits a serious flaw in MacOSX High Sierra. Any user can log in as user "root" with an empty password.

Clickjacking Vulnerability In CSRF Error Page pfSense Exploit

Disclosed: November 21, 2017

This module exploits a Clickjacking vulnerability in pfSense <= 2.4.1. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker ...

Microsoft Office CVE-2017-11882 Exploit

Disclosed: November 15, 2017

This module exploits a flaw in the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, which fails to properly handle OLE objects in memory.

Dup Scout Enterprise Login Buffer Overflow Exploit

Disclosed: November 14, 2017

This module exploits a stack buffer overflow in Dup Scout Enterprise 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access.

Polycom Shell HDX Series Traceroute Command Execution Exploit

Disclosed: November 12, 2017

Within the Polycom command shell, a command execution flaw exists in lan traceroute, one of the dev commands, which allows an attacker to execute arbitrary payloads with telnet or openssl.

pfSense authenticated group member RCE Exploit

Disclosed: November 06, 2017

pfSense, a free BSD-based open source firewall distribution, version <= 2.3.1_1 contains a post-authentication remote command execution vulnerability in the system_groupmanager.php page. Verified against 2.2.6 and 2.3.

Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow Exploit

Disclosed: November 02, 2017

This module exploits a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

Microsoft Office DDE Payload Delivery Exploit

Disclosed: October 09, 2017

This module generates a DDE command to place within a Word document that, when executed, will retrieve an HTA payload via HTTP from a web server.

Easy Chat Server User Registeration Buffer Overflow (SEH) Exploit

Disclosed: October 09, 2017

This module exploits a buffer overflow during user registration in Easy Chat Server software.

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution Exploit

Disclosed: October 07, 2017

This module exploits an authentication bypass and a command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product have wid...