Commit Graph

19961 Commits (007b3de06dcd066e0ddf3deffb7470f32f91b524)

Author SHA1 Message Date
sinn3r 202b31d869 Better fix based on feedback
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7 6cf0cc78e9 Land #2261, @CharlieEriksen's exploit for CVE-2013-5093 2013-08-20 12:03:00 -05:00
jvazquez-r7 42f774a064 Fix check method 2013-08-20 12:02:09 -05:00
Charlie Eriksen 533d98bd1b Adding module for CVE 2013-5093, Graphite Web Exploit 2013-08-20 12:56:30 -04:00
jvazquez-r7 546c523ed8 Land #2252, @wchen-r7's patch for print_line vs print 2013-08-20 11:17:38 -05:00
jvazquez-r7 8adc4f05dd Land #2250, @wchen-r7's clean up for mssql_ping 2013-08-20 10:38:01 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
jvazquez-r7 277fc69a19 Land #2246, @wchen-r7's patch for [SeeRM #8313] 2013-08-20 10:15:15 -05:00
sinn3r f148eb4715 Land #2255 - Fix fail_with() 2013-08-20 01:28:21 -05:00
sinn3r 7e1a14ff08 Land #2254 - Fix TypeError can't convert nil into String
This fixes TypeError can't convert nil into String errors.
2013-08-20 01:25:09 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
jvazquez-r7 4790d8de50 Land #2256, @wchen-r7's patch for [FixRM #8316] 2013-08-19 23:23:57 -05:00
sinn3r 246c2d82f9 [FixRM #8318] - Use normalize_uri properly
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r 268a3e769e Missed this one 2013-08-19 17:45:05 -05:00
sinn3r 5366453031 [FixRM #8316] - Escape characters correctly
dots need to be escaped
2013-08-19 16:51:19 -05:00
jvazquez-r7 9d53ff43a0 Land #2253, @wchen-r7's patch to fix emails format 2013-08-19 16:50:59 -05:00
jvazquez-r7 491ea81acf Fix calls to fail_with from mixins 2013-08-19 16:42:52 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
jvazquez-r7 7e37130837 Patch for [SeeRM #8315] 2013-08-19 16:34:02 -05:00
sinn3r a8ca32ab34 Oh yeah, need to do this too 2013-08-19 16:28:58 -05:00
sinn3r 154b1e8888 Remove comments 2013-08-19 16:27:35 -05:00
sinn3r cf10a0ca91 Use print_line instead of print
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r 8c03e905de Get rid of function that's never used
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
Brandon Turner a815d9277e Merge pull request #2245 from todb-r7/grammar-and-such
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
jvazquez-r7 809b42984e Land @2243, @wchen-r7's patch for [SeeRM #8312] 2013-08-19 15:40:24 -05:00
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r 2e74c50880 [SeeRM #8313] - Print where files are stored
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r d0b56e1650 Use the correct variable 2013-08-19 14:38:40 -05:00
sinn3r d89932bfd8 Use the correct variable 2013-08-19 14:33:01 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 4cef4e88a6 If exception hits, make sure it's closed. 2013-08-19 13:21:53 -05:00
sinn3r 11ef366818 Properly close hashlist 2013-08-19 13:14:13 -05:00
sinn3r 89d4f0180d Make sure we close hashlist 2013-08-19 12:54:27 -05:00
jvazquez-r7 0af2f1c611 Land #2234, @ndavis-r7's patch for [SeeRM #8296] 2013-08-19 09:48:59 -05:00
sinn3r abaec32ad6 What Luke said.
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks
Fix file handle leaks for [SeeRM #8312]
2013-08-18 20:31:13 -05:00
sinn3r 6191023b67 Land #2241 - Fix undefined method `text' for nil:NilClass 2013-08-18 17:44:15 -05:00
Nicholas Davis 559dfb5a7e Fix for bug #8297
Fixed getting the policy_hash_list which can fail if elements are null
[SeeRM #89297]
2013-08-18 14:49:44 -07:00
William Vu 9467297bf7 Land #2239, OSVDB refs for Chasys and OpenX 2013-08-18 13:41:21 -06:00
Steve Tornio abd4fb778f add osvdb ref for chasys overflow 2013-08-18 06:35:28 -05:00
Steve Tornio 0037ccceed add osvdb ref for openx backdoor 2013-08-18 06:34:50 -05:00
jvazquez-r7 c5d426fc70 Land #2235, @wchen-r7's patch for [SeeRM #6264] 2013-08-17 10:05:41 -05:00
sinn3r 790654ac1b Land #2236 - Cogent DataHub HTTP Server Buffer Overflow 2013-08-16 23:28:50 -05:00
sinn3r a75a4906f2 Description update 2013-08-16 23:28:24 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
jvazquez-r7 a8cc15db20 Add module for ZDI-13-178 2013-08-16 18:13:18 -05:00