Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 131 - 140 of 3854 in total

CyberLink LabelPrint 2.5 Stack Buffer Overflow Exploit

Disclosed: September 23, 2017

This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the application. This module has b...

DenyAll Web Application Firewall Remote Code Execution Exploit

Disclosed: September 19, 2017

This module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.

Apache Optionsbleed Scanner Exploit

Disclosed: September 18, 2017

This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined.

xdebug Unauthenticated OS Command Execution Exploit

Disclosed: September 17, 2017

Module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.

Kaltura Remote PHP Code Execution over Cookie Exploit

Disclosed: September 12, 2017

This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret which allows to sign arbitrary cookie data. After passing this signature ch...

Apache Struts 2 REST Plugin XStream RCE Exploit

Disclosed: September 05, 2017

Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.

Mako Server v2.5, 2.6 OS Command Injection RCE Exploit

Disclosed: September 03, 2017

This module exploits a vulnerability found in Mako Server v2.5, 2.6. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp.

Open WAN-to-LAN proxy on AT&T routers Exploit

Disclosed: August 31, 2017

The Arris NVG589 and NVG599 routers configured with AT&T U-verse firmware 9.2.2h0d83 expose an un-authenticated proxy that allows connecting from WAN to LAN by MAC address.

IBM Notes encodeURI DOS Exploit

Disclosed: August 31, 2017

This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted.

Android 'su' Privilege Escalation Exploit

Disclosed: August 31, 2017

This module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary (often linked with an application) that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The command...