Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 141 - 150 of 3851 in total

Disk Pulse Enterprise GET Buffer Overflow Exploit

Disclosed: August 25, 2017

This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.

HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation Exploit

Disclosed: August 24, 2017

This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary accounts creation.

Malicious Git HTTP Server For CVE-2017-1000117 Exploit

Disclosed: August 10, 2017

This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository whi...

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation Exploit

Disclosed: August 10, 2017

This module attempts to gain root privileges on Linux systems by abusing UDP Fragmentation Offload (UFO). This exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0-21 <= 4.4.0-89 and 4.8.0-34 <= 4.8.0-58, including Linux distros based on Ubuntu, such as Linux Mint. The target system ...

DIR-850L (Un)authenticated OS Command Exec Exploit

Disclosed: August 09, 2017

This module leverages an unauthenticated credential disclosure vulnerability to then execute arbitrary commands on DIR-850L routers as an authenticated user. Unable to use Meterpreter payloads.

Unitrends UEB bpserverd authentication bypass RCE Exploit

Disclosed: August 08, 2017

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Unitrends UEB http api remote code execution Exploit

Disclosed: August 08, 2017

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the ap...

QNAP Transcode Server Command Execution Exploit

Disclosed: August 06, 2017

This module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the 'rmfile' command. This module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.026...

Western Digital MyCloud multi_uploadify File Upload Vulnerability Exploit

Disclosed: July 29, 2017

This module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file sy...

Gh0st Client buffer Overflow Exploit

Disclosed: July 27, 2017

This module exploits a Memory buffer overflow in the Gh0st client (C2 server)