Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 11 - 20 of 3743 in total

Dicoogle PACS Web Server Directory Traversal Exploit

Disclosed: July 11, 2018

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful against Windows targets.

CMS Made Simple Authenticated RCE via File Upload/Copy Exploit

Disclosed: July 03, 2018

CMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versions 2.2.5 and 2.2.7.

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow Exploit

Disclosed: July 02, 2018

This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP...

Manage Engine Exchange Reporter Plus Unauthenticated RCE Exploit

Disclosed: June 28, 2018

This module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus <= 5310, caused by execution of bcp.exe file inside ADSHACluster servlet

Wordpress Arbitrary File Deletion Exploit

Disclosed: June 26, 2018

An arbitrary file deletion vulnerability in the WordPress core allows any user with privileges of an Author to completely take over the WordPress site and to execute arbitrary code on the server.

HP VAN SDN Controller Root Command Injection Exploit

Disclosed: June 25, 2018

This module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller <= 2.7.18.0503 to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN...

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

Disclosed: June 19, 2018

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter bindin...

phpMyAdmin Authenticated Remote Code Execution Exploit

Disclosed: June 19, 2018

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

Axis Network Camera .srv to parhand RCE Exploit

Disclosed: June 18, 2018

This module exploits an auth bypass in .srv functionality and a command injection in parhand to execute code as the root user.

Cisco ASA Directory Traversal Exploit

Disclosed: June 06, 2018

This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software. It lists the contents of Cisco's VPN web service which includes directories, files, and currently logged in users.