Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 221 - 230 of 3787 in total

Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow Exploit

Disclosed: November 07, 2016

Several Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been ...

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Disclosed: November 07, 2016

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on affected DSL modems. ...

WinaXe 7.7 FTP Client Remote Buffer Overflow Exploit

Disclosed: November 03, 2016

This module exploits a buffer overflow in the WinaXe 7.7 FTP client. This issue is triggered when a client connects to the server and is expecting the Server Ready response.

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit

Disclosed: November 01, 2016

This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character so that we hit the match...

Joomla Account Creation and Privilege Escalation Exploit

Disclosed: October 25, 2016

This module creates an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default).

Hadoop YARN ResourceManager Unauthenticated Command Execution Exploit

Disclosed: October 19, 2016

This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.

Ruby on Rails Dynamic Render File Upload Remote Code Execution Exploit

Disclosed: October 16, 2016

This module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths, such as the following ...

PowerShellEmpire Arbitrary File Upload (Skywalker) Exploit

Disclosed: October 15, 2016

A vulnerability existed in the PowerShellEmpire server prior to commit f030cf62 which would allow an arbitrary file to be written to an attacker controlled location with the permissions of the Empire server. This exploit will write the payload to /tmp/ directory followed by a cron.d file to execute the payload.

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal Exploit

Disclosed: October 10, 2016

This module exploits a directory traversal vulnerability in Cisco Firepower Management under the context of www user. Authentication is required to exploit this vulnerability.

Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability Exploit

Disclosed: October 10, 2016

This module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.