MongoDB: Exploit on the net, Metasploit in the making - Update
An exploit has been published for 10gen's open source NoSQL database MongoDB. The discoverer of the hole, who goes by the name "agixid", says a Metasploit module will be coming soon. The exploit has been tested with 32-bit systems running the somewhat older but still supported MongoDB 2.2.3; the discoverer is working on a 64-bit exploit. The recently released latest branch of MongoDB – 2.4 – is not affected by the exploit.
Update - Agixid contacted The H and says that the issue is not a buffer overflow, simply an abuse of a function pointer.