Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 21 - 30 of 3826 in total

Adobe ColdFusion CKEditor unrestricted file upload Exploit

Disclosed: September 11, 2018

A file upload vulnerability in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier), ColdFusion 2016 (Update 6 and earlier), and ColdFusion 2018 (July 12 release) allows unauthenticated remote attackers to upload and execute JSP files through the filemanager plugin. Tested on Adobe ColdFusion 2018.0...

Snap Creek Duplicator WordPress plugin code injection Exploit

Disclosed: August 29, 2018

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them ...

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation Exploit

Disclosed: August 27, 2018

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to `.job` files located in `c:\windows\tasks` because the scheduler does not use impersonation when checking this location. Since users can create files in the `c:\win...

Apache Struts 2 Namespace Redirect OGNL Injection Exploit

Disclosed: August 22, 2018

This module exploits a remote code execution vulnerability in Apache Struts version 2.3 - 2.3.4, and 2.5 - 2.5.16. Remote Code Execution can be performed via an endpoint that makes use of a redirect action. Note that this exploit is dependant on the version of Tomcat running on the target. Versions of Tomcat sta...

Ghostscript Failed Restore Command Execution Exploit

Disclosed: August 21, 2018

This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscrip...

Pimcore Gather Credentials via SQL Injection Exploit

Disclosed: August 13, 2018

This module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcore's REST API. Pimcore begins to create password hashes by concatenating a user's username, the name of the application, and the user's password in the format...

Hashicorp Consul Remote Command Execution via Services API Exploit

Disclosed: August 11, 2018

This module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes.

Hashicorp Consul Remote Command Execution via Rexec Exploit

Disclosed: August 11, 2018

This module exploits a feature of Hashicorp Consul named rexec.

Windows unmarshal post exploitation Exploit

Disclosed: August 05, 2018

This module exploits a local privilege escalation bug which exists in microsoft COM for windows when it fails to properly handle serialized objects.

NUUO NVRmini upgrade_handle.php Remote Command Execution Exploit

Disclosed: August 04, 2018

This exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgrade_handle.php file.