Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 121 - 130 of 3666 in total

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution Exploit

Disclosed: March 14, 2017

This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and Wr...

Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload Exploit

Disclosed: March 14, 2017

This module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to th...

DnaLIMS Directory Traversal Exploit

Disclosed: March 08, 2017

This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible to read a file outside the www directory.

dnaLIMS Admin Module Command Execution Exploit

Disclosed: March 08, 2017

This module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request.

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

Disclosed: March 07, 2017

This module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, whic...

Easy File Sharing FTP Server 3.6 Directory Traversal Exploit

Disclosed: March 07, 2017

This module exploits a directory traversal vulnerability found in Easy File Sharing FTP Server Version 3.6 and Earlier. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '../'

DC/OS Marathon UI Docker Exploit Exploit

Disclosed: March 03, 2017

Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to ed...

SysGauge SMTP Validation Buffer Overflow Exploit

Disclosed: February 28, 2017

This module will setup an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response along in the 220 service ready response and exploits the client, resulting in an unprivileged shell.

Logsign Remote Command Injection Exploit

Disclosed: February 26, 2017

This module exploits a command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint. That endpoint takes a user input and then use it during operating system command execution without ...

Netgear DGN2200 dnslookup.cgi Command Injection Exploit

Disclosed: February 25, 2017

This module exploits a command injection vulnerablity in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details.