Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 21 - 30 of 3533 in total

Unitrends UEB bpserverd authentication bypass RCE Exploit

Disclosed: August 08, 2017

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Unitrends UEB 9 http api/storage remote root Exploit

Disclosed: August 08, 2017

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

QNAP Transcode Server Command Execution Exploit

Disclosed: August 06, 2017

This module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the 'rmfile' command. This module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.026...

SMBLoris NBSS Denial of Service Exploit

Disclosed: July 29, 2017

The SMBLoris attack consumes large chunks of memory in the target by sending SMB requests with the NetBios Session Service(NBSS) Length Header value set to the maximum possible value. By keeping these connections open and initiating large numbers of these sessions, the memory does not get freed, and the server gri...

PlugX Controller Stack Overflow Exploit

Disclosed: July 27, 2017

This module exploits a Stack buffer overflow in the PlugX Controller (C2 server)

Gh0st Client buffer Overflow Exploit

Disclosed: July 27, 2017

This module exploits a Memory buffer overflow in the Gh0st client (C2 server)

Rancher Server - Docker Exploit Exploit

Disclosed: July 27, 2017

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files ...

Docker Daemon - Unprotected TCP Socket Exploit Exploit

Disclosed: July 25, 2017

Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is hono...

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution Exploit

Disclosed: July 24, 2017

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the securi...

Supervisor XML-RPC Authenticated Remote Code Execution Exploit

Disclosed: July 19, 2017

This module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this ...