Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 81 - 90 of 3678 in total

ScadaBR Credentials Dumper Exploit

Disclosed: May 28, 2017

This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1 password hashes for all users, by invoking the 'EmportDwr.createExportData' DWR method of Mango M2M which is exposed to all authenticated users regardless of privilege level. This module has been tested success...

VICIdial user_authorization Unauthenticated Command Execution Exploit

Disclosed: May 26, 2017

This module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password s...

VMware Workstation ALSA Config File Local Privilege Escalation Exploit

Disclosed: May 22, 2017

This module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This module has been tested successfully ...

PlaySMS import.php Authenticated CSV File Upload Code Execution Exploit

Disclosed: May 21, 2017

This module exploits an authenticated file upload remote code execution vulnerability in PlaySMS Version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated users can upload a CSV file containing a malicious payload via vectors involving the Use...

PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution Exploit

Disclosed: May 21, 2017

This module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS v1.4. This issue is caused by improper file name handling in the sendfromfile.php file. Authenticated users can upload a file and rename the file with a malicious payload. This module was tested against P...

Joomla Component Fields SQLi Remote Code Execution Exploit

Disclosed: May 17, 2017

This module exploits a SQL injection vulnerability in the com_fields component, which was introduced to the core of Joomla in version 3.7.0.

LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow Exploit

Disclosed: May 15, 2017

This module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.

HPE iMC dbman RestartDB Unauthenticated RCE Exploit

Disclosed: May 15, 2017

This module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008); however, the instance ID is not sanitized...

Octopus Deploy Authenticated Code Execution Exploit

Disclosed: May 15, 2017

This module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a PowerShell script step on the Octopus Deploy server during a deployment.

HPE iMC dbman RestoreDBase Unauthenticated RCE Exploit

Disclosed: May 15, 2017

This module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007); however, the database connection username is not s...