The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE Exploit
Disclosed: January 24, 2017
This module exploits a stack Buffer Overflow in the GCore server (GCoreServer.exe). The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and affects all versions from 2003 till July 2016 (Version 1.4.YYYYY).
Advantech WebAccess 8.1 Post Authentication Credential Collector Exploit
Disclosed: January 21, 2017
This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this.
Cisco WebEx Chrome Extension RCE (CVE-2017-3823) Exploit
Disclosed: January 21, 2017
This module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution Exploit
Disclosed: January 15, 2017
This module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.imss endpoint takes ...
Debian/Ubuntu ntfs-3g Local Privilege Escalation Exploit
Disclosed: January 05, 2017
ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8, and possibly 9 does not properly sanitize the environment when executing modprobe. This can be abused to load a kernel module and execute a binary payload as the root user.
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection Exploit
Disclosed: December 26, 2016
TrueOnline is a major ISP in Thailand, and it distributes a customized version of the ZyXEL P660HN-T v2 router. This customized version has an authenticated command injection vulnerability in the remote log forwarding page. This can be exploited using the "supervisor" account that comes with a default password on the devi...
TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection Exploit
Disclosed: December 26, 2016
TrueOnline is a major ISP in Thailand, and it distributes a customized version of the Billion 5200W-T router. This customized version has at least two command injection vulnerabilities, one authenticated and one unauthenticated, on different firmware versions. This module will attempt to exploit the unauthenticated inject...
PHPMailer Sendmail Argument Injection Exploit
Disclosed: December 26, 2016
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to the web root of the ...
TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection Exploit
Disclosed: December 26, 2016
TrueOnline is a major ISP in Thailand, and it distributes a customized version of the ZyXEL P660HN-T v1 router. This customized version has an unauthenticated command injection vulnerability in the remote log forwarding page. This module was tested in an emulated environment, as the author doesn't have access to the ...
NETGEAR WNR2000v5 Administrator Password Recovery Exploit
Disclosed: December 20, 2016
The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery. This vulnerability can be exploited by an unauthenticated attacker who is able to guess the value of a certain timestamp which is in the configuration of the router. Brute forcing the timestamp token might take a few minutes, a few hou...