Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 231 - 240 of 3570 in total

Safari User-Assisted Applescript Exec Attack Exploit

Disclosed: October 16, 2015

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key ke...

Limesurvey Unauthenticated File Download Exploit

Disclosed: October 12, 2015

This module exploits an unauthenticated file download vulnerability in limesurvey between 2.0+ and 2.06+ Build 151014. The file is downloaded as a ZIP and unzipped automatically, thus binary files can be downloaded.

Wordpress Ajax Load More PHP Upload Vulnerability Exploit

Disclosed: October 10, 2015

This module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows to upload arbitrary php files and get remote code execution. This module has been tested successfully on WordPress Ajax Load More 2.8.0 with Wordpress 4.1.3 on Ubuntu 12.04/14.04 Server.

HP SiteScope DNS Tool Command Injection Exploit

Disclosed: October 09, 2015

This module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope installs and runs as SYSTEM i...

PDF Shaper Buffer Overflow Exploit

Disclosed: October 03, 2015

PDF Shaper is prone to a security vulnerability when processing PDF files. The vulnerability appears when we use Convert PDF to Image and use a specially crafted PDF file. This module has been tested successfully on Win XP, Win 7, Win 8, Win 10.

ManageEngine ServiceDesk Plus Path Traversal Exploit

Disclosed: October 03, 2015

This module exploits an unauthenticated path traversal vulnerability found in ManageEngine ServiceDesk Plus build 9110 and lower. The module will retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows, files can be retrieved with SYSTEM privileges. The issue has been res...

Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation Exploit

Disclosed: October 01, 2015

This module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).

PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure Exploit

Disclosed: September 28, 2015

This module exploits a directory traversal vulnerability found in PCMan FTP Server 2.0.7. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//'

BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure Exploit

Disclosed: September 28, 2015

This module exploits a directory traversal vulnerability found in BisonWare BisonFTP server version 3.5. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command including file system traversal strings such as '..//.'

Kaseya VSA uploader.aspx Arbitrary File Upload Exploit

Disclosed: September 23, 2015

This module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.