Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 241 - 250 of 3570 in total

Kaseya VSA Master Administrator Account Creation Exploit

Disclosed: September 23, 2015

This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to create a new Master Administrator account. Normally this page is only accessible via the localhost interface, but the application does nothing to prevent this apart from attempting to force a redirect. This module has been tested with Kaseya VSA v7....

Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure Exploit

Disclosed: September 22, 2015

This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//'

ManageEngine OpManager Remote Code Execution Exploit

Disclosed: September 14, 2015

This module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By log-in and abusing the default administrator's SQL qu...

Simple Backdoor Shell Remote Code Execution Exploit

Disclosed: September 08, 2015

This module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's vulnerable parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells which is categorized under Payloads.

MS15-100 Microsoft Windows Media Center MCL Vulnerability Exploit

Disclosed: September 08, 2015

This module exploits a vulnerability in Windows Media Center. By supplying an UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in arbitrary code execution.

F5 iControl iCall::Script Root Command Execution Exploit

Disclosed: September 03, 2015

This module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). This requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0, (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF...

Nibbleblog File Upload Vulnerability Exploit

Disclosed: September 01, 2015

Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This module was tested on version 4.0.3.

phpFileManager 0.9.8 Remote Code Execution Exploit

Disclosed: August 28, 2015

This module exploits a remote code execution vulnerability in phpFileManager 0.9.8 which is a filesystem management tool on a single file.

MVPower DVR Shell Unauthenticated Command Execution Exploit

Disclosed: August 23, 2015

This module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This module was tested successfully on a MVPower model TV-7104HE with firmware version ...

Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow Exploit

Disclosed: August 23, 2015

This module exploits an SEH overflow in Konica Minolta FTP Server 1.00. Konica Minolta FTP fails to check input size when parsing 'CWD' commands, which leads to an SEH overflow. Konica FTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability.