Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 161 - 170 of 3718 in total

Apache OpenOffice Text Document Malicious Macro Execution Exploit

Disclosed: February 08, 2017

This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automa...

Piwik Superuser Plugin Upload Exploit

Disclosed: February 05, 2017

This module will generate a plugin, pack the payload into it and upload it to a server running Piwik. Superuser Credentials are required to run this module. This module does not work against Piwik 1 as there is no option to upload custom plugins. Piwik disabled custom plugin uploads in version 3.0.3. From ...

Postfixadmin Protected Alias Deletion Vulnerability Exploit

Disclosed: February 03, 2017

Postfixadmin installations between 2.91 and 3.0.1 do not check if an admin is allowed to delete protected aliases. This vulnerability can be used to redirect protected aliases to an other mail address. Eg. rewrite the postmaster@domain alias

WordPress REST API Content Injection Exploit

Disclosed: February 01, 2017

This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API.

QNAP NAS/NVR Administrator Hash Disclosure Exploit

Disclosed: January 31, 2017

This module exploits combined heap and stack buffer overflows for QNAP NAS and NVR devices to dump the admin (root) shadow hash from memory via an overwrite of __libc_argv[0] in the HTTP-header-bound glibc backtrace. A binary search is performed to find the correct offset for the BOFs. Since the server forks, bli...

Disk Savvy Enterprise v10.4.18 Exploit

Disclosed: January 31, 2017

This module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise v10.4.18, caused by improper bounds checking of the request sent to the built-in server. This module has been tested successfully on Windows 7 SP1 x86.

AlienVault OSSIM/USM Remote Code Execution Exploit

Disclosed: January 31, 2017

This module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to ...

Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE Exploit

Disclosed: January 24, 2017

This module exploits a stack Buffer Overflow in the GCore server (GCoreServer.exe). The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and affects all versions from 2003 till July 2016 (Version 1.4.YYYYY).

Cisco WebEx Chrome Extension RCE (CVE-2017-3823) Exploit

Disclosed: January 21, 2017

This module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.

Advantech WebAccess 8.1 Post Authentication Credential Collector Exploit

Disclosed: January 21, 2017

This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this.