Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 161 - 170 of 3666 in total

Ruby on Rails Dynamic Render File Upload Remote Code Execution Exploit

Disclosed: October 16, 2016

This module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths, such as the following ...

PowerShellEmpire Arbitrary File Upload (Skywalker) Exploit

Disclosed: October 15, 2016

A vulnerability existed in the PowerShellEmpire server prior to commit f030cf62 which would allow an arbitrary file to be written to an attacker controlled location with the permissions of the Empire server. This exploit will write the payload to /tmp/ directory followed by a cron.d file to execute the payload.

Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability Exploit

Disclosed: October 10, 2016

This module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal Exploit

Disclosed: October 10, 2016

This module exploits a directory traversal vulnerability in Cisco Firepower Management under the context of www user. Authentication is required to exploit this vulnerability.

HTA Web Server Exploit

Disclosed: October 06, 2016

This module hosts an HTML Application (HTA) that when opened will run a payload via Powershell. When a user navigates to the HTA file they will be prompted by IE twice before the payload is executed.

Disk Pulse Enterprise Login Buffer Overflow Exploit

Disclosed: October 03, 2016

This module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If a malicious user sends a malicious HTTP login request, it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. Due to size constraints, this module uses the Egghunter technique.

Cisco IKE Information Disclosure Exploit

Disclosed: September 29, 2016

A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insuffici...

BIND TKEY Query Denial of Service Exploit

Disclosed: September 27, 2016

A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries.

MagniComp SysInfo mcsiwrapper Privilege Escalation Exploit

Disclosed: September 23, 2016

This module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This module abuses this functionalit...

BuilderEngine Arbitrary File Upload Vulnerability and execution Exploit

Disclosed: September 18, 2016

This module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.