The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
Disclosed: October 07, 2017
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product have wid...
Tomcat RCE via JSP Upload Bypass Exploit
Disclosed: October 03, 2017
This module uploads a jsp payload and executes it.
Disclosed: October 03, 2017
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by ...
Disclosed: September 29, 2017
This module exploits a file upload vulnerability in phpCollab 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The exploit has been tested on Ubuntu 16.04.3 64-bit
Disclosed: September 23, 2017
This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the application. This module has b...
Disclosed: September 19, 2017
This module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.
Apache Optionsbleed Scanner Exploit
Disclosed: September 18, 2017
This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined.
Disclosed: September 17, 2017
Module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.
Disclosed: September 12, 2017
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret which allows to sign arbitrary cookie data. After passing this signature ch...
Disclosed: September 05, 2017
Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.