Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 1 - 10 of 3761 in total

WebExec Authenticated User Code Execution Exploit

Disclosed: October 24, 2018

This module uses a valid username and password of any level (or password hash) to execute an arbitrary payload. This module is similar to the "psexec" module, except allows any non-guest account by default.

libssh Authentication Bypass Scanner Exploit

Disclosed: October 16, 2018

This module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module's success depends on whether the server code can...

blueimp's jQuery (Arbitrary) File Upload Exploit

Disclosed: October 09, 2018

This module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions <= 9.22.0. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been expl...

WebEx Local Service Permissions Exploit Exploit

Disclosed: October 09, 2018

This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations.

Cisco Prime Infrastructure Unauthenticated Remote Code Execution Exploit

Disclosed: October 04, 2018

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by byp...

Zahir Enterprise Plus 6 Stack Buffer Overflow Exploit

Disclosed: September 28, 2018

This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.

Navigate CMS Unauthenticated Remote Code Execution Exploit

Disclosed: September 26, 2018

This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vu...

iOS Safari Denial of Service with CSS Exploit

Disclosed: September 15, 2018

This module exploits a vulnerability in WebKit on Apple iOS. If successful, the device will restart after viewing the webpage.

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation Exploit

Disclosed: August 27, 2018

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to `.job` files located in `c:\windows\tasks` because the scheduler does not use impersonation when checking this location. Since users can create files in the `c:\win...

Apache Struts 2 Namespace Redirect OGNL Injection Exploit

Disclosed: August 22, 2018

This module exploits a remote code execution vulnerability in Apache Struts version 2.3 - 2.3.4, and 2.5 - 2.5.16. Remote Code Execution can be performed via an endpoint that makes use of a redirect action. Note that this exploit is dependant on the version of Tomcat running on the target. Versions of Tomcat sta...