The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
IPFire proxy.cgi RCE Exploit
Disclosed: May 04, 2016
IPFire, a free Linux-based open source firewall distribution, contains a remote command execution vulnerability in the proxy.cgi page in versions < 2.19 Update Core 101.
Disclosed: May 03, 2016
This module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example)...
Disclosed: April 30, 2016
This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4 Vulnerable OS: all OS images available for Orange Pis, any for FriendlyARM's NanoPi M1, SinoV...
Disclosed: April 27, 2016
This module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 188.8.131.52 and 184.108.40.206). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.
Disclosed: April 19, 2016
This module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and ex...
Disclosed: April 18, 2016
This module exploits a well-known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Micros...
Disclosed: April 08, 2016
op5 is an open source network monitoring software. The configuration page in version 7.1.9 and below allows testing a system command, which can be abused to run arbitrary code as an unprivileged user.
Disclosed: April 07, 2016
ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password fo...
Disclosed: April 06, 2016
This module exploits a command injection in Apache Continuum <= 1.4.2. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
Disclosed: March 30, 2016
This module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.