infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Title enhancement, OSVDB refs

bug/bundler_fix
Darius Freamon 2015-04-28 15:56:34 -06:00
parent 1a7a5c2977
commit c01fc829ab
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb
View File

@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Symantec Endpoint Protection Manager Remote Command Execution',
'Name' => 'Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution',
'Description' => %q{
This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
@ -35,6 +35,8 @@ class Metasploit3 < Msf::Exploit::Remote
[ 'CVE', '2013-5014' ],
[ 'CVE', '2013-5015' ],
[ 'EDB', '31853'],
[ 'OSVDB', '103305'],
[ 'OSVDB', '103306'],
[ 'URL', 'https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt' ]
],
'Arch' => ARCH_X86,