The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
Disclosed: September 28, 2018
This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.
Disclosed: September 26, 2018
This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vu...
Disclosed: September 15, 2018
This module exploits a vulnerability in WebKit on Apple iOS. If successful, the device will restart after viewing the webpage.
Disclosed: August 29, 2018
When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them ...
Disclosed: August 27, 2018
On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to `.job` files located in `c:\windows\tasks` because the scheduler does not use impersonation when checking this location. Since users can create files in the `c:\win...
Disclosed: August 22, 2018
This module exploits a remote code execution vulnerability in Apache Struts version 2.3 - 2.3.4, and 2.5 - 2.5.16. Remote Code Execution can be performed via an endpoint that makes use of a redirect action. Note that this exploit is dependant on the version of Tomcat running on the target. Versions of Tomcat sta...
Disclosed: August 21, 2018
This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscrip...
Disclosed: August 13, 2018
This module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcore's REST API. Pimcore begins to create password hashes by concatenating a user's username, the name of the application, and the user's password in the format...
Disclosed: August 05, 2018
This module exploits a local privilege escalation bug which exists in microsoft COM for windows when it fails to properly handle serialized objects.
cgit Directory Traversal Exploit
Disclosed: August 03, 2018
This module exploits a directory traversal vulnerability which exists in cgit < 1.2.1 cgit_clone_objects(), reachable when the configuration flag enable-http-clone is set to 1 (default).