Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 51 - 60 of 3524 in total

Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability Exploit

Disclosed: April 07, 2017

This module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers & Electricity Meters to perform arbitrary command execution as 'root'.

Windows Escalate UAC Protection Bypass (In Memory Injection) abusing WinSXS Exploit

Disclosed: April 06, 2017

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way "WinSxS" works in Windows systems. This module uses the Reflective DLL Injection technique to drop only the DLL payload bina...

MediaWiki SyntaxHighlight extension option injection vulnerability Exploit

Disclosed: April 06, 2017

This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlig...

Microsoft IIS WebDav ScStoragePathFromUrl Overflow Exploit

Disclosed: March 26, 2017

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wi...

Samba is_known_pipename() Arbitrary Module Load Exploit

Disclosed: March 24, 2017

This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with c...

Razer Synapse rzpnk.sys ZwOpenProcess Exploit

Disclosed: March 22, 2017

A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver that passes a PID...

Cisco IOS Telnet Denial of Service Exploit

Disclosed: March 17, 2017

This module triggers a Denial of Service condition in the Cisco IOS telnet service affecting multiple Cisco switches. Tested against Cisco Catalyst 2960 and 3750.

SolarWind LEM Default SSH Password Remote Code Execution Exploit

Disclosed: March 17, 2017

This module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password, which are "cmc" and "password". By exploiting a vulnerability that exists in the menuing script, an attacker can escape from the restricted shell. This module was t...

Dup Scout Enterprise GET Buffer Overflow Exploit

Disclosed: March 15, 2017

This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.

VX Search Enterprise GET Buffer Overflow Exploit

Disclosed: March 15, 2017

This module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.