Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 21 - 30 of 3463 in total

MantisBT password reset Exploit

Disclosed: April 16, 2017

MantisBT before 1.3.10, 2.2.4, and 2.3.1 are vulnerable to unauthenticated password reset.

Huawei HG532n Command Injection Exploit

Disclosed: April 15, 2017

This module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's tel...

Microsoft Office Word Malicious Hta Execution Exploit

Disclosed: April 14, 2017

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 201...

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution Exploit

Disclosed: April 10, 2017

This module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmdi flaw using the timezone parameter in the admin_s...

Quest Privilege Manager pmmasterd Buffer Overflow Exploit

Disclosed: April 09, 2017

This modules exploits a buffer overflow in the Quest Privilege Manager, a software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only triggered when the host has been configured as a policy server ( Privilege Manager for Unix or Quest Sudo...

Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability Exploit

Disclosed: April 07, 2017

This module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers & Electricity Meters to perform arbitrary command execution as 'root'.

MediaWiki SyntaxHighlight extension option injection vulnerability Exploit

Disclosed: April 06, 2017

This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlig...

Microsoft IIS WebDav ScStoragePathFromUrl Overflow Exploit

Disclosed: March 26, 2017

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wi...

Samba is_known_pipename() Arbitrary Module Load Exploit

Disclosed: March 24, 2017

This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with c...

Razer Synapse rzpnk.sys ZwOpenProcess Exploit

Disclosed: March 22, 2017

A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver that passes a PID...