Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 251 - 260 of 3699 in total

Cerberus Helpdesk User Hash Disclosure Exploit

Disclosed: March 07, 2016

This module extracts usernames and password hashes from the Cerberus Helpdesk through an unauthenticated access to a workers file. Verified on Version 4.2.3 Stable (Build 925) and 5.4.4

Apache Jetspeed Arbitrary File Upload Exploit

Disclosed: March 06, 2016

This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered ...

Nagios XI Chained Remote Code Execution Exploit

Disclosed: March 06, 2016

This module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.

ATutor 2.2.1 SQL Injection / Remote Code Execution Exploit

Disclosed: March 01, 2016

This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code.

ATutor 2.2.1 Directory Traversal / Remote Code Execution Exploit

Disclosed: March 01, 2016

This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to prevent exploitation. ...

Ruby on Rails ActionPack Inline ERB Code Execution Exploit

Disclosed: March 01, 2016

This module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging an error condition.

Centreon Web Useralias Command Execution Exploit

Disclosed: February 26, 2016

Centreon Web Interface <= 2.5.3 utilizes an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.

Jenkins XStream Groovy classpath Deserialization Vulnerability Exploit

Disclosed: February 24, 2016

This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default installations. Authentication is not...

Ubiquiti airOS Arbitrary File Upload Exploit

Disclosed: February 13, 2016

This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware ...

MS16-016 mrxdav.sys WebDav Local Privilege Escalation Exploit

Disclosed: February 09, 2016

This module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn a process on the target system and elevate its privileges to NT AUTHORITY\SYSTEM before executing the specified payload within the context of the elevated process.