Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 11 - 20 of 3414 in total

Easy File Sharing FTP Server 3.6 Directory Traversal Exploit

Disclosed: March 07, 2017

This module exploits a directory traversal vulnerability found in Easy File Sharing FTP Server Version 3.6 and Earlier. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '../'

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

Disclosed: March 07, 2017

This module exploits a remote code execution vunlerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, whic...

SysGauge SMTP Validation Buffer Overflow Exploit

Disclosed: February 28, 2017

This module will setup an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response along in the 220 service ready response and exploits the client, resulting in an unprivileged shell.

Logsign Remote Command Injection Exploit

Disclosed: February 26, 2017

This module exploits an command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint. That endpoint takes a user input and then use it during operating system command execution without...

Kodi 17.0 Local File Inclusion Vulnerability Exploit

Disclosed: February 12, 2017

This module exploits a directory traversal flaw found in Kodi before 17.1.

Apache OpenOffice Text Document Malicious Macro Execution Exploit

Disclosed: February 08, 2017

This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automa...

Piwik Superuser Plugin Upload Exploit

Disclosed: February 05, 2017

This module will generate a plugin, pack the payload into it and upload it to a server running Piwik. Superuser Credentials are required to run this module. This module does not work against Piwik 1 as there is no option to upload custom plugins. Piwik disabled custom plugin uploads in version 3.0.3. From ...

WordPress REST API Content Injection Exploit

Disclosed: February 01, 2017

This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API.

AlienVault OSSIM/USM Remote Code Execution Exploit

Disclosed: January 31, 2017

This module exploits object injection, authentication bypass and ip spoofing vulnerabities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQ...

QNAP NAS/NVR Administrator Hash Disclosure Exploit

Disclosed: January 31, 2017

This module exploits combined heap and stack buffer overflows for QNAP NAS and NVR devices to dump the admin (root) shadow hash from memory via an overwrite of __libc_argv[0] in the HTTP-header-bound glibc backtrace. A binary search is performed to find the correct offset for the BOFs. Since the server forks, bli...