Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 1 - 10 of 3463 in total

Easy Chat Server User Registeration Buffer Overflow (SEH) Exploit

Disclosed: October 09, 2017

This module exploits a buffer overflow during user registration in Easy Chat Server software.

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution Exploit

Disclosed: July 24, 2017

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the securi...

SurgeNews User Credentials Exploit

Disclosed: June 16, 2017

This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This module extracts the administrator username...

Easy File Sharing HTTP Server 7.2 POST Buffer Overflow Exploit

Disclosed: June 12, 2017

This module exploits a POST buffer overflow in the Easy File Sharing FTP Server 7.2 software.

IPFire proxy.cgi RCE Exploit

Disclosed: June 09, 2017

IPFire, a free linux based open source firewall distribution, version < 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.

WMI Event Subscription Persistence Exploit

Disclosed: June 06, 2017

This module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods. The EVENT method will create an event filter that will query the event log for an EVENT_ID_TRIGGER (default: failed logon request id 4625) that also contains a specified USERNAME_TRIGGER (note: failed logon a...

Riverbed SteelHead VCX File Read Exploit

Disclosed: June 01, 2017

This module exploits an authenticated arbitrary file read in the log module's filter engine. SteelHead VCX (VCX255U) version 9.6.0a was confirmed as vulnerable.

ScadaBR Credentials Dumper Exploit

Disclosed: May 28, 2017

This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1 password hashes for all users, by invoking the 'EmportDwr.createExportData' DWR method of Mango M2M which is exposed to all authenticated users regardless of privilege level. This module has been tested success...

VICIdial user_authorization Unauthenticated Command Execution Exploit

Disclosed: May 26, 2017

This module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password s...

Octopus Deploy Authenticated Code Execution Exploit

Disclosed: May 15, 2017

This module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is execued as a powershell script step on the Octopus Deploy server during a deployment.