Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 11 - 20 of 3536 in total

Trend Micro OfficeScan Remote Code Execution Exploit

Disclosed: October 07, 2017

This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product ...

Tomcat RCE via JSP Upload Bypass Exploit

Disclosed: October 03, 2017

This module uploads a jsp payload and executes it.

DenyAll Web Application Firewall Remote Code Execution Exploit

Disclosed: September 19, 2017

This module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.

Apache Optionsbleed Scanner Exploit

Disclosed: September 18, 2017

This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined.

Apache Struts 2 REST Plugin XStream RCE Exploit

Disclosed: September 05, 2017

Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.

Mako Server v2.5, 2.6 OS Command Injection RCE Exploit

Disclosed: September 03, 2017

This module exploits a vulnerability found in Mako Server v2.5, 2.6. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp.

IBM Notes encodeURI DOS Exploit

Disclosed: August 31, 2017

This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted.

IBM Notes Denial Of Service Exploit

Disclosed: August 31, 2017

This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, the browser will crash after viewing the webpage.

Disk Pulse Enterprise GET Buffer Overflow Exploit

Disclosed: August 25, 2017

This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.

Malicious Git HTTP Server For CVE-2017-1000117 Exploit

Disclosed: August 10, 2017

This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository whi...