Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 111 - 120 of 3764 in total

Gh0st Client buffer Overflow Exploit

Disclosed: July 27, 2017

This module exploits a Memory buffer overflow in the Gh0st client (C2 server)

Docker Daemon - Unprotected TCP Socket Exploit Exploit

Disclosed: July 25, 2017

Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is hono...

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution Exploit

Disclosed: July 24, 2017

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the securi...

Supervisor XML-RPC Authenticated Remote Code Execution Exploit

Disclosed: July 19, 2017

This module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this ...

OrientDB 2.2.x Remote Code Execution Exploit

Disclosed: July 13, 2017

This module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.

Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution Exploit

Disclosed: July 07, 2017

This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote Code Execution can be performed via a malicious field value.

Solaris RSH Stack Clash Privilege Escalation Exploit

Disclosed: June 19, 2017

This module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This module uploads and executes Qualys'...

SurgeNews User Credentials Exploit

Disclosed: June 16, 2017

This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This module extracts the administrator username...

LNK Code Execution Vulnerability Exploit

Disclosed: June 13, 2017

This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set ...

LNK Code Execution Vulnerability Exploit

Disclosed: June 13, 2017

This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set ...