Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


QNAP Q'Center change_passwd Command Execution Exploit

Disclosed: July 11, 2018

This module exploits a command injection vulnerability in the `change_passwd` API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. ...

CMS Made Simple Authenticated RCE via File Upload/Copy Exploit

Disclosed: July 03, 2018

CMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versions 2.2.5 and 2.2.7.

Manage Engine Exchange Reporter Plus Unauthenticated RCE Exploit

Disclosed: June 28, 2018

This module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus <= 5310, caused by execution of the bcp.exe file inside the ADSHACluster servlet.

HP VAN SDN Controller Root Command Injection Exploit

Disclosed: June 25, 2018

This module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller <= to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN...

phpMyAdmin Authenticated Remote Code Execution Exploit

Disclosed: June 19, 2018

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

WebKitGTK+ WebKitFaviconDatabase DoS Exploit

Disclosed: June 03, 2018

This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service.

Quest KACE Systems Management Command Injection Exploit

Disclosed: May 31, 2018

This module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The `download_agent_installer.php` file allows unauthenticated users to execute arbitrary commands as the web server user `www`. A valid Organization ID is required. The default...

IBM QRadar SIEM Unauthenticated Remote Code Execution Exploit

Disclosed: May 28, 2018

IBM QRadar SIEM has three vulnerabilities in the Forensics web application that, when chained together, allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated session cookies to write a file to disk ...

DHCP Client Command Injection (DynoRoot) Exploit

Disclosed: May 15, 2018

This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could u...

Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability Exploit

Disclosed: May 08, 2018

This module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This module will...