Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Windows SetImeInfoEx Win32k NULL Pointer Dereference Exploit

Disclosed: May 09, 2018

This module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete ...

Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability Exploit

Disclosed: May 08, 2018

This module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This module will...

LibreOffice 6.03 / Apache OpenOffice 4.1.5 Malicious ODT File Generator Exploit

Disclosed: May 01, 2018

Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes.

osCommerce Installer Unauthenticated Code Execution Exploit

Disclosed: April 30, 2018

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.

GitList v0.6.0 Argument Injection Vulnerability Exploit

Disclosed: April 26, 2018

This module exploits an argument injection vulnerability in GitList v0.6.0. The vulnerability arises from GitList improperly validating input using the PHP function 'escapeshellarg'.

Foxit PDF Reader Pointer Overwrite UAF Exploit

Disclosed: April 20, 2018

Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component, and the TypedArrays use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be c...

Oracle Weblogic Server Deserialization RCE Exploit

Disclosed: April 17, 2018

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts.

Nagios XI Chained Remote Code Execution Exploit

Disclosed: April 17, 2018

This module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are ...

Metasploit msfd Remote Code Execution via Browser Exploit

Disclosed: April 11, 2018

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sen...

Metasploit msfd Remote Code Execution Exploit

Disclosed: April 11, 2018

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can also be used for privilege ...