infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

GSoC/Meterpreter_Web_Console
Metasploit 2019-02-20 05:59:43 -08:00
parent bf3256a64a
commit 3a346fbb98
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
db/modules_metadata_base.json
View File

@ -117961,6 +117961,44 @@
"notes": {
}
},
"exploit_windows/nuuo/nuuo_cms_fu": {
"name": "Nuuo Central Management Server Authenticated Arbitrary File Upload",
"full_name": "exploit/windows/nuuo/nuuo_cms_fu",
"rank": 0,
"disclosure_date": "2018-10-11",
"type": "exploit",
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the\n CMS Server.\n The vulnerability is in the \"FileName\" parameter, which accepts directory traversal (..\\..\\)\n characters. Therefore, this function can be abused to overwrite any files in the installation\n drive of CMS Server.\n\n This vulnerability is exploitable in CMS versions up to and including v2.4.\n\n This module will either use a provided session number (which can be guessed with an auxiliary\n module) or attempt to login using a provided username and password - it will also try the\n default credentials if nothing is provided.\n\n This module will overwrite the LicenseTool.dll file in the CMS Server installation. If the module\n fails to restore LicenseTool.dll then the installation will be corrupted and NCS Server will\n not execute successfully.",
"references": [
"CVE-2018-17936",
"URL-https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
"URL-https://seclists.org/fulldisclosure/2019/Jan/51",
"URL-https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt"
],
"platform": "Windows",
"arch": "x86",
"rport": 5180,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Nuuo Central Management Server <= v2.4.0"
],
"mod_time": "2019-02-19 05:48:54 +0000",
"path": "/modules/exploits/windows/nuuo/nuuo_cms_fu.rb",
"is_install_path": true,
"ref_name": "windows/nuuo/nuuo_cms_fu",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
}
},
"exploit_windows/oracle/client_system_analyzer_upload": {
"name": "Oracle Database Client System Analyzer Arbitrary File Upload",
"full_name": "exploit/windows/oracle/client_system_analyzer_upload",