Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 221 - 230 of 3733 in total

DLL Side Loading Vulnerability in VMware Host Guest Client Redirector Exploit

Disclosed: August 05, 2016

A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can poten...

NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution Exploit

Disclosed: August 04, 2016

The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of ...

NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset Exploit

Disclosed: August 04, 2016

The NVRmini 2 Network Video Recorded and the ReadyNAS Surveillance application are vulnerable to an administrator password reset on the exposed web management interface. Note that this only works for unauthenticated attackers in earlier versions of the Nuuo firmware (before v1.7.6), otherwise you need an administrative us...

NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution Exploit

Disclosed: August 04, 2016

The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root in the NVRmini and the ...

SMB Delivery Exploit

Disclosed: July 26, 2016

This module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell.

SonicWall Global Management System XMLRPC set_time_zone Unath RCE Exploit

Disclosed: July 22, 2016

This module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a holistic way to manage your entire network security environment.' ...

Drupal RESTWS Module Remote PHP Code Execution Exploit

Disclosed: July 13, 2016

This module exploits a Remote PHP Code Execution vulnerability in the Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows ...

Drupal CODER Module Remote Command Execution Exploit

Disclosed: July 13, 2016

This module exploits a Remote Command Execution vulnerability in the Drupal CODER Module. Unauthenticated users can execute arbitrary commands under the context of the web server user. The CODER module doesn't sufficiently validate user inputs in a script file that has the PHP extension. A malicious unauthenticat...

Tiki Wiki Unauthenticated File Upload Vulnerability Exploit

Disclosed: July 11, 2016

This module exploits a file upload vulnerability in Tiki Wiki <= 15.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that component is ELFinder -version 2.0-. This component come...

NetBSD mail.local Privilege Escalation Exploit

Disclosed: July 07, 2016

This module attempts to exploit a race condition in mail.local with SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1) NetBSD 6.1 - 6.1.5 NetBSD 6.0 - 6.0.6 Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.