Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 261 - 270 of 3743 in total

Apache Struts Dynamic Method Invocation Remote Code Execution Exploit

Disclosed: April 27, 2016

This module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.

pfSense authenticated graph status RCE Exploit

Disclosed: April 18, 2016

pfSense, a free BSD based open source firewall distribution, version <= 2.2.6 contains a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operatin...

HP Data Protector Encrypted Communication Remote Command Execution Exploit

Disclosed: April 18, 2016

This module exploits a well known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Micros...

op5 v7.1.9 Configuration Command Execution Exploit

Disclosed: April 08, 2016

op5 an open source network monitoring software. The configuration page in version 7.1.9 and below allows the ability to test a system command, which can be abused to run arbitrary code as an unpriv user.

ExaGrid Known SSH Key and Default Password Exploit

Disclosed: April 07, 2016

ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password fo...

Apache CouchDB Arbitrary Command Execution Exploit

Disclosed: April 06, 2016

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB...

Apache Continuum Arbitrary Command Execution Exploit

Disclosed: April 06, 2016

This module exploits a command injection in Apache Continuum <= 1.4.2. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.

Novell ServiceDesk Authenticated File Upload Exploit

Disclosed: March 30, 2016

This module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.

HID discoveryd command_blink_on Unauthenticated RCE Exploit

Disclosed: March 28, 2016

This module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. This module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 (Build 04/23/2012).

HTTP Client Information Gather Exploit

Disclosed: March 22, 2016

This module gathers information about a browser that exploits might be interested in, such as OS name, browser version, plugins, etc. By default, the module will return a fake 404, but you can customize this output by changing the Custom404 datastore option, and redirect to an external web page.