Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 41 - 50 of 3533 in total

VICIdial user_authorization Unauthenticated Command Execution Exploit

Disclosed: May 26, 2017

This module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password s...

Octopus Deploy Authenticated Code Execution Exploit

Disclosed: May 15, 2017

This module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment.

Windows UAC Protection Bypass (Via FodHelper Registry Key) Exploit

Disclosed: May 12, 2017

This module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a ...

Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free Exploit

Disclosed: May 10, 2017

This module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it...

Intel AMT Digest Authentication Bypass Scanner Exploit

Disclosed: May 05, 2017

This module scans for Intel Active Management Technology endpoints and attempts to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service can be found on ports 16992, 16993 (tls), 623, and 624 (tls).

Serviio Media Server checkStreamUrl Command Execution Exploit

Disclosed: May 03, 2017

This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service (on port 23423 by default) exposes a REST API which which does not require authentication. The 'action' API...

WordPress PHPMailer Host Header Command Injection Exploit

Disclosed: May 03, 2017

This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, expl...

Crypttech CryptoLog Remote Code Execution Exploit

Disclosed: May 03, 2017

This module exploits a SQL injection and command injection vulnerability in the PHP version of CryptoLog. An unauthenticated user can execute a terminal command under the context of the web user. These vulnerabilities are no longer present in the ASP.NET version CryptoLog, available since 2009. CryptoLog's login.php endp...

Ghostscript Type Confusion Arbitrary Command Execution Exploit

Disclosed: April 27, 2017

This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript version 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow.

Symantec Messaging Gateway Remote Code Execution Exploit

Disclosed: April 26, 2017

This module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which is root. backupNow.do endpoint takes several user inputs and then pass them to the internal service which is responsible for executing...