The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
Cisco IOS Telnet Denial of Service Exploit
Disclosed: March 17, 2017
This module triggers a Denial of Service condition in the Cisco IOS telnet service affecting multiple Cisco switches. Tested against Cisco Catalyst 2960 and 3750.
Sync Breeze Enterprise GET Buffer Overflow Exploit
Disclosed: March 15, 2017
This module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, v10.0.28, and v10.1.16, caused by improper bounds checking of the request in HTTP GET and POST requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1...
Github Enterprise Default Session Secret And Deserialization Vulnerability Exploit
Disclosed: March 15, 2017
This module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby obje...
VX Search Enterprise GET Buffer Overflow Exploit
Disclosed: March 15, 2017
This module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.
Disk Sorter Enterprise GET Buffer Overflow Exploit
Disclosed: March 15, 2017
This module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.
Dup Scout Enterprise GET Buffer Overflow Exploit
Disclosed: March 15, 2017
This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload Exploit
Disclosed: March 14, 2017
This module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to th...
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution Exploit
Disclosed: March 14, 2017
This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and Wr...
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution Exploit
Disclosed: March 14, 2017
This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec command execution is done. Exploits a type confusion between Transaction and ...
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit
Disclosed: March 14, 2017
This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The ke...