Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 71 - 80 of 3836 in total

Etcd Version Scanner Exploit

Disclosed: March 16, 2018

This module connections to etcd API endpoints, typically on 2379/TCP, and attempts to obtain the version of etcd.

Etcd Keys API Information Gathering Exploit

Disclosed: March 16, 2018

This module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication.

Safari Proxy Object Type Confusion Exploit

Disclosed: March 15, 2018

This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument wit...

Mac OS X libxpc MITM Privilege Escalation Exploit

Disclosed: March 15, 2018

This module exploits a vulnerablity in libxpc on macOS <= 10.13.3 The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd. This port is inherited across forks: child processes will use the same bootstrap port as the parent. By overwriting the bootst...

Unitrends Enterprise Backup bpserverd Privilege Escalation Exploit

Disclosed: March 14, 2018

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd ho...

Flexense HTTP Server Denial Of Service Exploit

Disclosed: March 09, 2018

This module triggers a Denial of Service vulnerability in the Flexense HTTP server. Vulnerability caused by a user mode write access memory violation and can be triggered with rapidly sending variety of HTTP requests with long HTTP header values. Multiple Flexense applications that are using Flexense HTTP server 10.6.24 ...

HTTP SickRage Password Leak Exploit

Disclosed: March 08, 2018

SickRage < v2018-09-03 allows an attacker to view a user's saved Github credentials in HTTP responses unless the user has set login information for SickRage. By default, SickRage does not require login information for the installation.

ManageEngine Applications Manager Remote Code Execution Exploit

Disclosed: March 07, 2018

This module exploits command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute a operating system command under the context of privileged user. Publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessi...

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload Exploit

Disclosed: March 03, 2018

This module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper sess...

Memcached Stats Amplification Scanner Exploit

Disclosed: February 27, 2018

This module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.