Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, each with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.



Redis File Upload Exploit

Disclosed: November 11, 2015

This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the Redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled given the...

Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload Exploit

Disclosed: November 10, 2015

This module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.

IBM WebSphere RCE Java Deserialization Vulnerability Exploit

Disclosed: November 06, 2015

This module exploits a vulnerability in IBM's WebSphere Application Server. It contains an unsafe deserialization call on unauthenticated Java objects involving the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.

OpenNMS Java Object Unserialization Remote Code Execution Exploit

Disclosed: November 06, 2015

This module exploits a vulnerability in the OpenNMS Java object which allows an unauthenticated attacker to run arbitrary code against the system.

vBulletin 5.1.2 Unserialize Code Execution Exploit

Disclosed: November 04, 2015

This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9.

Atlassian HipChat for Jira Plugin Velocity Template Injection Exploit

Disclosed: October 28, 2015

Atlassian HipChat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration in real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this vulnerability, and you must make sur...

China Chopper Caidao PHP Backdoor Code Execution Exploit

Disclosed: October 27, 2015

This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers.

Joomla Content History SQLi Remote Code Execution Exploit

Disclosed: October 23, 2015

This module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie can be used to login to the J...

Joomla com_contenthistory Error-Based SQL Injection Exploit

Disclosed: October 22, 2015

This module exploits a SQL injection vulnerability in Joomla versions 3.2 through 3.4.4 in order to enumerate usernames and password hashes.

Joomla Real Estate Manager Component Error-Based SQL Injection Exploit

Disclosed: October 22, 2015

This module exploits a SQL injection vulnerability in the Joomla plugin com_realestatemanager version 3.7 in order to enumerate usernames and password hashes.