Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 101 - 110 of 3837 in total

Microsoft Office CVE-2017-11882 Exploit

Disclosed: November 15, 2017

Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, to which fails to properly handle OLE objects in memory.

Dup Scout Enterprise Login Buffer Overflow Exploit

Disclosed: November 14, 2017

This module exploits a stack buffer overflow in Dup Scout Enterprise 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access.

Linux BPF Sign Extension Local Privilege Escalation Exploit

Disclosed: November 12, 2017

Linux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform sign extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. ...

Polycom Shell HDX Series Traceroute Command Execution Exploit

Disclosed: November 12, 2017

Within Polycom command shell, a command execution flaw exists in lan traceroute, one of the dev commands, which allows for an attacker to execute arbitrary payloads with telnet or openssl.

Samsung Internet Browser SOP Bypass Exploit

Disclosed: November 08, 2017

This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

pfSense authenticated group member RCE Exploit

Disclosed: November 06, 2017

pfSense, a free BSD based open source firewall distribution, version <= 2.3.1_1 contains a remote command execution vulnerability post authentication in the system_groupmanager.php page. Verified against 2.2.6 and 2.3.

Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow Exploit

Disclosed: November 02, 2017

This module exploits a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

Brother Debut http Denial Of Service Exploit

Disclosed: November 02, 2017

The Debut embedded HTTP server <= 1.20 on Brother printers allows for a Denial of Service (DoS) condition via a crafted HTTP request. The printer will be unresponsive from HTTP and printing requests for ~300 seconds. After which, the printer will start responding again.

Xplico Remote Code Execution Exploit

Disclosed: October 29, 2017

This module exploits command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. The specific flaw exists within the Xplico, which listens on TCP port 9876 by default. The goal of Xplico is extract from an internet traffic captu...

Tuleap 9.6 Second-Order PHP Object Injection Exploit

Disclosed: October 23, 2017

This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data th...