The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.
Apache Struts 2 REST Plugin XStream RCE Exploit
Disclosed: September 05, 2017
Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.
Mako Server v2.5, 2.6 OS Command Injection RCE Exploit
Disclosed: September 03, 2017
This module exploits a vulnerability found in Mako Server v2.5, 2.6. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp.
IBM Notes encodeURI DOS Exploit
Disclosed: August 31, 2017
This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted.
IBM Notes Denial Of Service Exploit
Disclosed: August 31, 2017
This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, the browser will crash after viewing the webpage.
Open WAN-to-LAN proxy on AT&T routers Exploit
Disclosed: August 31, 2017
The Arris NVG589 and NVG599 routers configured with AT&T U-verse firmware 9.2.2h0d83 expose an un-authenticated proxy that allows connecting from WAN to LAN by MAC address.
Disk Pulse Enterprise GET Buffer Overflow Exploit
Disclosed: August 25, 2017
This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.
HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation Exploit
Disclosed: August 24, 2017
This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary accounts creation.
Malicious Git HTTP Server For CVE-2017-1000117 Exploit
Disclosed: August 10, 2017
This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository whi...
DIR-850L (Un)authenticated OS Command Exec Exploit
Disclosed: August 09, 2017
This module leverages an unauthenticated credential disclosure vulnerability to then execute arbitrary commands on DIR-850L routers as an authenticated user. Unable to use Meterpreter payloads.
Unitrends UEB 9 http api/storage remote root Exploit
Disclosed: August 08, 2017
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.