infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Title enhancement, OSVDB refs

bug/bundler_fix
Darius Freamon 2015-04-28 15:56:34 -06:00
parent 1a7a5c2977
commit c01fc829ab
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb
View File

@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Symantec Endpoint Protection Manager Remote Command Execution', 'Name' => 'Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution',
'Description' => %q{ 'Description' => %q{
This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
@ -35,6 +35,8 @@ class Metasploit3 < Msf::Exploit::Remote
[ 'CVE', '2013-5014' ], [ 'CVE', '2013-5014' ],
[ 'CVE', '2013-5015' ], [ 'CVE', '2013-5015' ],
[ 'EDB', '31853'], [ 'EDB', '31853'],
[ 'OSVDB', '103305'],
[ 'OSVDB', '103306'],
[ 'URL', 'https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt' ] [ 'URL', 'https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt' ]
], ],
'Arch' => ARCH_X86, 'Arch' => ARCH_X86,