Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 11 - 20 of 3854 in total

Total.js prior to 3.2.4 Directory Traversal Exploit

Disclosed: February 18, 2019

This module check and exploits a directory traversal vulnerability in Total.js prior to 3.2.4. Here is a list of accepted extensions: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml, woff, woff2, otf, ttf, eot, svg, zip, rar, pdf, docx, xlsx, doc, xls, html, htm, appcache, manifest, map, ogv, ogg, mp4, mp3, webp, webm,...

Cisco RV320/RV326 Configuration Disclosure Exploit

Disclosed: January 24, 2019

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnera...

Webmin Upload Authenticated RCE Exploit

Disclosed: January 17, 2019

This module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the 'Running Processes' (proc) privilege is set the user can accurately determine which...

Microsoft Windows Contact File Format Arbitary Code Execution Exploit

Disclosed: January 17, 2019

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files <c:Url> node param which takes an ...

BMC Patrol Agent Privilege Escalation Cmd Execution Exploit

Disclosed: January 17, 2019

This module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verfies that the password of the provided user is correct. This also means if the software is running on a domain...

ES File Explorer Open Port Exploit

Disclosed: January 16, 2019

This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version and below are reported vulnerable This module has been tested against

Jenkins ACL Bypass and Metaprogramming RCE Exploit

Disclosed: January 08, 2019

This module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins <= 2.137 and will not work on later versions of Jenkins. Tested against Jenkins 2.1...

Mailcleaner Remote Code Execution Exploit

Disclosed: December 19, 2018

This module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root. /admin/managetracing/search/search endpoint takes several user inputs and then pass them to the internal service ...

Linux Nested User Namespace idmap Limit Local Privilege Escalation Exploit

Disclosed: November 15, 2018

This module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user namespaces enabled and the newuidm...

WordPress WP GDPR Compliance Plugin Privilege Escalation Exploit

Disclosed: November 08, 2018

The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set wordpress administration options by overwriting values within the database. The vulnerability is present in WordPress’s admin-ajax.php, which allows unauthorized users to trigger handlers and make configuration changes because of a failure...