Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 11 - 20 of 3826 in total

Nuuo Central Management Server User Session Token Bruteforce Exploit

Disclosed: October 11, 2018

Nuuo Central Management Server below version 2.4 has a flaw where it sends the heap address of the user object instead of a real session number when a user logs in. This can be used to reduce the keyspace for the session number from 10 million to 1.2 million, and with a bit of analysis it can be guessed in less than 500k ...

Nuuo Central Management Authenticated SQL Server SQLi Exploit

Disclosed: October 11, 2018

The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session numb...

blueimp's jQuery (Arbitrary) File Upload Exploit

Disclosed: October 09, 2018

This module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions <= 9.22.0. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been expl...

WebEx Local Service Permissions Exploit Exploit

Disclosed: October 09, 2018

This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations.

Microsoft Excel .SLK Payload Delivery Exploit

Disclosed: October 07, 2018

This module generates a download and execute Powershell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.

Malicious Git HTTP Server For CVE-2018-17456 Exploit

Disclosed: October 05, 2018

This module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule url which starts with a dash e.g "-u./payload" is passed as an argument to git clone, the file "payload" inside the repository is executed. This module ...

Cisco Prime Infrastructure Unauthenticated Remote Code Execution Exploit

Disclosed: October 04, 2018

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by byp...

Zahir Enterprise Plus 6 Stack Buffer Overflow Exploit

Disclosed: September 28, 2018

This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.

Navigate CMS Unauthenticated Remote Code Execution Exploit

Disclosed: September 26, 2018

This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vu...

iOS Safari Denial of Service with CSS Exploit

Disclosed: September 15, 2018

This module exploits a vulnerability in WebKit on Apple iOS. If successful, the device will restart after viewing the webpage.