The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
Disclosed: June 12, 2017
This module exploits a POST buffer overflow in the Easy File Sharing FTP Server 7.2 software.
IPFire proxy.cgi RCE Exploit
Disclosed: June 09, 2017
IPFire, a free linux based open source firewall distribution, version < 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
Disclosed: June 06, 2017
This module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods. The EVENT method will create an event filter that will query the event log for an EVENT_ID_TRIGGER (default: failed logon request id 4625) that also contains a specified USERNAME_TRIGGER (note: failed logon a...
Riverbed SteelHead VCX File Read Exploit
Disclosed: June 01, 2017
This module exploits an authenticated arbitrary file read in the log module's filter engine. SteelHead VCX (VCX255U) version 9.6.0a was confirmed as vulnerable.
Disclosed: May 30, 2017
This module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'new_home_page' parameter of the 'saveHomePage' method allowing arbi...
ScadaBR Credentials Dumper Exploit
Disclosed: May 28, 2017
This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1 password hashes for all users, by invoking the 'EmportDwr.createExportData' DWR method of Mango M2M which is exposed to all authenticated users regardless of privilege level. This module has been tested success...
Disclosed: May 26, 2017
This module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password s...
Disclosed: May 22, 2017
This module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This module has been tested successfully ...
Disclosed: May 21, 2017
This module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS v1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This module was tested against P...
Disclosed: May 21, 2017
This module exploits an authenticated file upload remote code excution vulnerability in PlaySMS Version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the Use...