Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 241 - 250 of 3647 in total

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability Exploit

Disclosed: December 14, 2015

This module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file...

MS15-134 Microsoft Windows Media Center MCL Information Disclosure Exploit

Disclosed: December 08, 2015

This module exploits a vulnerability found in Windows Media Center. It allows an MCL file to render itself as an HTML document in the local machine zone by Internet Explorer, which can be used to leak files on the target machine. Please be aware that if this exploit is used against a patched Windows system, it can cause the ...

PHP Utility Belt Remote Code Execution Exploit

Disclosed: December 08, 2015

This module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

Office OLE Multiple DLL Side Loading Vulnerabilities Exploit

Disclosed: December 08, 2015

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the ...

Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution Exploit

Disclosed: December 04, 2015

This module allows remote command execution on an IRC Bot developed by xdh. This Perl bot was caught by Conor Patrick with his Shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script, which has a description of LinuxNet perlbot. ...

Easy File Sharing HTTP Server 7.2 SEH Overflow Exploit

Disclosed: December 02, 2015

This module exploits an SEH overflow in the Easy File Sharing FTP Server 7.2 software.

Advantech Switch Bash Environment Variable Code Injection (Shellshock) Exploit

Disclosed: December 01, 2015

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This module was tested against firmware version 1322_D1.98.

Cambium ePMP1000 'ping' Shell via Command Injection (up to v2.5) Exploit

Disclosed: November 28, 2015

This module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.

Jenkins CLI RMI Java Deserialization Vulnerability Exploit

Disclosed: November 18, 2015

This module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability.

Redis File Upload Exploit

Disclosed: November 11, 2015

This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled given the...