32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
5b7d1f17c0
Correct juan's name and comments
2012-07-10 00:43:46 -05:00
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
70c718a5ed
Fix indent level
2012-07-06 12:44:03 -05:00
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
ff4a0bc3aa
poisonivy_bof description updated
2012-07-05 00:18:13 +02:00
8bdf3b56f5
tries updated
2012-07-04 15:48:32 +02:00
d8a5af7084
last changes done by gal, added RANDHEADER to single_exploit
2012-07-04 15:25:12 +02:00
644d5029d5
add bruteforce target as optional
2012-07-04 13:02:47 +02:00
7214a6c969
check function updated
2012-07-04 12:16:30 +02:00
c531bd264b
brute force version of the exploit
2012-07-04 11:37:36 +02:00
da2105787d
no rop versio of the exploit, metadata used, check and description fixed
2012-07-04 10:54:35 +02:00
8bcc0ba440
Review of pull request #559
2012-07-03 23:49:47 +02:00
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
77d6fe16f0
Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource
2012-07-02 16:04:02 -05:00
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
e06ca8e654
Winlog-CVE-resource
2012-07-02 20:33:15 +02:00
9d49052c52
hp_dataprotector_new_folder: added support for hpdp 6
2012-07-02 18:32:19 +02:00
3bb7405b09
Only report auth if the username is not blank
2012-07-02 04:11:29 -05:00
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
19b6ebbfbf
Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi
2012-06-29 10:59:11 -05:00
0e87238e58
Space space
2012-06-29 10:56:12 -05:00
c79312547a
Added module for CVE-2012-0124
2012-06-29 17:50:21 +02:00
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
cf9a6d58cc
Update missing OSVDB ref
2012-06-28 00:44:01 -05:00
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
e605a35433
Make sure the check func is always returning the same data type
2012-06-27 17:07:55 -05:00
cb1af5ab79
Final cleanup
2012-06-27 16:57:04 -05:00
73360dfae3
minor fixes
2012-06-27 23:38:52 +02:00
245205c6c9
changes on openfire_auth_bypass
2012-06-27 23:15:40 +02:00
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
8f355554c8
Update missing CVE reference
2012-06-26 01:21:24 -05:00
0d7b6d4053
Update missing CVE reference
2012-06-26 01:20:28 -05:00
c7935e0e99
Update OSVDB reference
2012-06-26 01:18:25 -05:00
9980c8f416
Add rh0's analysis
2012-06-25 21:32:45 -05:00
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
LittleLightLittleFire
h0ng10
sinn3r
jvazquez-r7
HD Moore
James Lee
Steve Tornio
m-1-k-3
Tod Beardsley
Steven Seeley