Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 1 - 10 of 3431 in total

Intel AMT Digest Authentication Bypass Scanner Exploit

Disclosed: May 05, 2017

This module scans for Intel Active Management Technology endpoints and attempts to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service can be found on ports 16992, 16993 (tls), 623, and 624(tls).

Crypttech CryptoLog Remote Code Execution Exploit

Disclosed: May 03, 2017

This module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation an...

Serviio Media Server checkStreamUrl Command Execution Exploit

Disclosed: May 03, 2017

This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service (on port 23423 by default) exposes a REST API which which does not require authentication. The 'action' API...

WordPress PHPMailer Host Header Command Injection Exploit

Disclosed: May 03, 2017

This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, expl...

Ghostscript Type Confusion Arbitrary Command Execution Exploit

Disclosed: April 27, 2017

This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript version 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow.

WePresent WiPG-1000 Command Injection Exploit

Disclosed: April 20, 2017

This module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.

Mercurial Custom hg-ssh Wrapper Remote Code Exec Exploit

Disclosed: April 18, 2017

This module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.

Huawei HG532n Command Injection Exploit

Disclosed: April 15, 2017

This module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's tel...

Microsoft Office Word Malicious Hta Execution Exploit

Disclosed: April 14, 2017

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 201...

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution Exploit

Disclosed: April 10, 2017

This module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmdi flaw using the timezone parameter in the admin_s...