Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 21 - 30 of 3678 in total

GitStack Unauthenticated REST API Requests Exploit

Disclosed: January 15, 2018

This module exploits unauthenticated REST API requests in GitStack through v2.3.10. The module supports requests for listing users of the application and listing available repositories. Additionally, the module can create a user and add the user to the application's repositories. This module has been tested against GitSt...

GitStack Unsanitized Argument RCE Exploit

Disclosed: January 15, 2018

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10.

Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7) Exploit

Disclosed: December 18, 2017

This module exploits an OS command injection vulnerability in the Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.

GoAhead Web Server LD_PRELOAD Arbitrary Module Load Exploit

Disclosed: December 18, 2017

This module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

Linksys WVBR0-25 User-Agent Command Execution Exploit

Disclosed: December 13, 2017

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in version < 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.

Commvault Communications Service (cvd) Command Injection Exploit

Disclosed: December 12, 2017

This module exploits a command injection vulnerability discovered in Commvault Service v11 SP5 and earlier versions (tested in v11 SP5 and v10). The vulnerability exists in the cvd.exe service and allows an attacker to execute arbitrary commands in the context of the service. By default, the Commvault Communicatio...

Palo Alto Networks readSessionVarsFromFile() Session Corruption Exploit

Disclosed: December 11, 2017

This module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root cod...

Mac OS X Root Privilege Escalation Exploit

Disclosed: November 29, 2017

This module exploits a serious flaw in macOS High Sierra. Any user can log in as user "root" with an empty password.

Clickjacking Vulnerability In CSRF Error Page pfSense Exploit

Disclosed: November 21, 2017

This module exploits a Clickjacking vulnerability in pfSense <= 2.4.1. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker ...

Microsoft Office CVE-2017-11882 Exploit

Disclosed: November 15, 2017

This module exploits a flaw in the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, which fails to properly handle OLE objects in memory.