Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researchers and penetration testers to review. More than 3,000 modules are available, with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Displaying module details 71 - 80 of 3795 in total

AsusWRT LAN Unauthenticated Remote Code Execution Exploit

Disclosed: January 22, 2018

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command m...

CloudMe Sync v1.10.9 Exploit

Disclosed: January 17, 2018

This module exploits a stack-based buffer overflow vulnerability in CloudMe Sync v1.10.9 client application. This module has been tested successfully on Windows 7 SP1 x86.

glibc 'realpath()' Privilege Escalation Exploit

Disclosed: January 16, 2018

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-...

GitStack Unauthenticated REST API Requests Exploit

Disclosed: January 15, 2018

This module exploits unauthenticated REST API requests in GitStack through v2.3.10. The module supports requests for listing users of the application and listing available repositories. Additionally, the module can create a user and add the user to the application's repositories. This module has been tested against GitSt...

GitStack Unsanitized Argument RCE Exploit

Disclosed: January 15, 2018

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10.

Windows UAC Protection Bypass (Via Slui File Handler Hijack) Exploit

Disclosed: January 15, 2018

This module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run sl...

GoAhead Web Server LD_PRELOAD Arbitrary Module Load Exploit

Disclosed: December 18, 2017

This module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

Monstra CMS Authenticated Arbitrary File Upload Exploit

Disclosed: December 18, 2017

MonstraCMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraCMS 3.0.4.

Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7) Exploit

Disclosed: December 18, 2017

This module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.

Linksys WVBR0-25 User-Agent Command Execution Exploit

Disclosed: December 13, 2017

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in version < 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.