Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 31 - 40 of 3787 in total

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

Disclosed: June 19, 2018

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter bindin...

Axis Network Camera .srv to parhand RCE Exploit

Disclosed: June 18, 2018

This module exploits an auth bypass in .srv functionality and a command injection in parhand to execute code as the root user.

Cisco ASA Directory Traversal Exploit

Disclosed: June 06, 2018

This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software. It lists the contents of Cisco's VPN web service which includes directories, files, and currently logged in users.

WebKitGTK+ WebKitFaviconDatabase DoS Exploit

Disclosed: June 03, 2018

This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service.

Quest KACE Systems Management Command Injection Exploit

Disclosed: May 31, 2018

This module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The `download_agent_installer.php` file allows unauthenticated users to execute arbitrary commands as the web server user `www`. A valid Organization ID is required. The default...

Dolibarr Gather Credentials via SQL Injection Exploit

Disclosed: May 30, 2018

This module enables an authenticated user to collect the usernames and encrypted passwords of other users in the Dolibarr ERP/CRM via SQL injection.

IBM QRadar SIEM Unauthenticated Remote Code Execution Exploit

Disclosed: May 28, 2018

IBM QRadar SIEM has three vulnerabilities in the Forensics web application that when chained together allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated sessions cookies to write a file to disk ...

VLC Media Player MKV Use After Free Exploit

Disclosed: May 24, 2018

This module exploits a use after free vulnerability in VideoLAN VLC =< 2.2.8. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the ...

DHCP Client Command Injection (DynoRoot) Exploit

Disclosed: May 15, 2018

This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could u...

Windows SetImeInfoEx Win32k NULL Pointer Dereference Exploit

Disclosed: May 09, 2018

This module exploits elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete ...