Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 21 - 30 of 3795 in total

Hashicorp Consul Remote Command Execution via Services API Exploit

Disclosed: August 11, 2018

This module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes.

Hashicorp Consul Remote Command Execution via Rexec Exploit

Disclosed: August 11, 2018

This module exploits a feature of Hashicorp Consul named rexec.

Windows unmarshal post exploitation Exploit

Disclosed: August 05, 2018

This module exploits a local privilege escalation bug which exists in microsoft COM for windows when it fails to properly handle serialized objects.

cgit Directory Traversal Exploit

Disclosed: August 03, 2018

This module exploits a directory traversal vulnerability which exists in cgit < 1.2.1 cgit_clone_objects(), reachable when the configuration flag enable-http-clone is set to 1 (default).

Network Manager VPNC Username Privilege Escalation Exploit

Disclosed: July 26, 2018

This module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. ...

Eaton Xpert Meter SSH Private Key Exposure Scanner Exploit

Disclosed: July 18, 2018

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and 13.3.2.10.

Dicoogle PACS Web Server Directory Traversal Exploit

Disclosed: July 11, 2018

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful against Windows targets.

QNAP Q'Center change_passwd Command Execution Exploit

Disclosed: July 11, 2018

This module exploits a command injection vulnerability in the `change_passwd` API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. ...

CMS Made Simple Authenticated RCE via File Upload/Copy Exploit

Disclosed: July 03, 2018

CMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versions 2.2.5 and 2.2.7.

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow Exploit

Disclosed: July 02, 2018

This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP...