Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 21 - 30 of 3438 in total

Disk Sorter Enterprise GET Buffer Overflow Exploit

Disclosed: March 15, 2017

This module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.

Github Enterprise Default Session Secret And Deserialization Vulnerability Exploit

Disclosed: March 15, 2017

This module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby obje...

Sync Breeze Enterprise GET Buffer Overflow Exploit

Disclosed: March 15, 2017

This module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.

Dup Scout Enterprise GET Buffer Overflow Exploit

Disclosed: March 15, 2017

This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit

Disclosed: March 14, 2017

This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The ke...

dnaLIMS Admin Module Command Execution Exploit

Disclosed: March 08, 2017

This module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request.

DnaLIMS Directory Traversal Exploit

Disclosed: March 08, 2017

This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible to read a file outside the www directory.

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

Disclosed: March 07, 2017

This module exploits a remote code execution vunlerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, whic...

Easy File Sharing FTP Server 3.6 Directory Traversal Exploit

Disclosed: March 07, 2017

This module exploits a directory traversal vulnerability found in Easy File Sharing FTP Server Version 3.6 and Earlier. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '../'

DC/OS Marathon UI Docker Exploit Exploit

Disclosed: March 03, 2017

Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to ed...