sinn3r
|
a2b709b20e
|
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution
|
2014-04-08 14:58:34 -05:00 |
sinn3r
|
4012dd0acc
|
Fix everything that needs to be fixed
|
2014-04-08 14:57:42 -05:00 |
dummys
|
ca7dcc0781
|
cleanup with msftidy
|
2014-04-06 12:41:58 +02:00 |
dummys
|
c90c49e319
|
Add vtiger install rce 0 day
|
2014-04-04 10:16:55 +02:00 |
jvazquez-r7
|
577bd7c855
|
Land #3146, @wchen-r7's flash version detection code
|
2014-04-02 15:13:41 -05:00 |
joev
|
ebcf972c08
|
Add initial firefox xpi prompt bypass.
|
2014-04-01 23:48:35 -05:00 |
sinn3r
|
a173fcf2fa
|
Flash detection for firefox_svg_plugin
Good test case
|
2014-03-28 15:39:25 -05:00 |
Joe Vennix
|
80808fc98c
|
Cleans up firefox SVG plugin.
|
2014-03-26 13:12:39 -05:00 |
Tod Beardsley
|
d27264b402
|
Land #2782, fix expand_path abuse
|
2014-03-19 08:41:28 -05:00 |
Tod Beardsley
|
c916b62f47
|
Removes hash rockets from references.
[SeeRM #8776]
|
2014-03-17 09:40:32 -05:00 |
William Vu
|
170608e97b
|
Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
|
2014-03-11 11:18:54 -05:00 |
OJ
|
3ea3968d88
|
Merge branch 'upstream/master' into stop_abusing_expand_path
Conflicts:
lib/msf/core/post/windows/shadowcopy.rb
modules/exploits/windows/local/bypassuac.rb
modules/post/windows/gather/wmic_command.rb
modules/post/windows/manage/persistence.rb
|
2014-03-11 23:13:39 +10:00 |
jvazquez-r7
|
6c490af75e
|
Add randomization to Rex::Zip::Jar and java_signed_applet
|
2014-02-27 12:38:52 -06:00 |
jvazquez-r7
|
c981bbeab9
|
Land #3011, @wchen-r7's fix for Dexter exploit
|
2014-02-24 10:53:10 -06:00 |
jvazquez-r7
|
998fa06912
|
Land #2998, @bit4bit's fix for the vtigercrm exploit
|
2014-02-20 08:36:05 -06:00 |
jvazquez-r7
|
0b27cd13e8
|
Make module work
|
2014-02-20 08:35:37 -06:00 |
sinn3r
|
ed2ac95396
|
Always replace \ with / for Dexter exploit
Fix for the following:
48199fec27 (commitcomment-5419010)
|
2014-02-19 09:24:07 -06:00 |
jvazquez-r7
|
4ca4d82d89
|
Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more...
|
2014-02-18 17:48:02 -06:00 |
Tod Beardsley
|
a863d0a526
|
Pre-release fixes, including msftidy errors.
|
2014-02-18 14:02:37 -06:00 |
sinn3r
|
52ac85be11
|
Land #2931 - Oracle Forms and Reports RCE
|
2014-02-17 08:54:23 -06:00 |
sinn3r
|
110ffbf342
|
Indent looks off for this line
|
2014-02-17 08:53:29 -06:00 |
sinn3r
|
632ea05688
|
100 columns
|
2014-02-17 08:52:56 -06:00 |
sinn3r
|
8da7ba131b
|
In case people actually don't know what RCE means
|
2014-02-17 08:51:48 -06:00 |
sinn3r
|
73459baefd
|
Add OSVDB references
|
2014-02-17 08:50:34 -06:00 |
Mekanismen
|
fb7b938f8e
|
check func fixed
|
2014-02-17 15:11:56 +01:00 |
Mekanismen
|
e27d98368e
|
fixed local server issues
|
2014-02-16 18:26:08 +01:00 |
Mekanismen
|
e40b9e5f37
|
updated and improved
|
2014-02-16 16:24:39 +01:00 |
Jovany Leandro G.C
|
74344d6c7e
|
vtigerolservice.php to vtigerservice.php
using direct soap/vtigerolservice.php not work..php need require('config.php');
|
2014-02-15 20:36:36 -05:00 |
Mekanismen
|
b7d69c168c
|
bugfix and user supplied local path support
|
2014-02-15 16:24:59 +01:00 |
sinn3r
|
9daffbd484
|
Land #2973 - Dexter panel (CasinoLoader) SQLi to file upload code exec
|
2014-02-14 17:16:27 -06:00 |
sinn3r
|
48199fec27
|
Change URL identifier, and make the user choose a target
|
2014-02-14 17:15:00 -06:00 |
jvazquez-r7
|
ff267a64b1
|
Have into account the Content-Transfer-Encoding header
|
2014-02-12 12:40:11 -06:00 |
bwall
|
783e62ea85
|
Applied changes from @wchen-r7's comments
|
2014-02-11 10:14:52 -08:00 |
jvazquez-r7
|
51df2d8b51
|
Use the fixed API on the mediawiki exploit
|
2014-02-11 08:28:58 -06:00 |
jvazquez-r7
|
79d559a0c9
|
Fix MIME message to_s
|
2014-02-10 22:23:23 -06:00 |
bwall
|
13fadffe7e
|
Dexter panel (CasinoLoader) SQLi to PHP code exec - Initial
|
2014-02-10 13:44:30 -08:00 |
jvazquez-r7
|
8ece4a7750
|
Delete debug print
|
2014-02-10 08:57:45 -06:00 |
jvazquez-r7
|
57320a59f1
|
Do small clean up for mediawiki_thumb pr
|
2014-02-10 08:57:09 -06:00 |
Meatballs
|
dcff06eba1
|
More verbose failure messages
|
2014-02-07 23:59:28 +00:00 |
Meatballs
|
783a986a19
|
Windows and auto target up and running
|
2014-02-07 23:26:57 +00:00 |
Meatballs
|
a0f47f6b2b
|
Correct error check logic
|
2014-02-07 22:06:53 +00:00 |
Meatballs
|
443a51bbf5
|
Undo revert from merge
|
2014-02-07 21:28:04 +00:00 |
Meatballs
|
56359aa99f
|
Merge changes from other dev machine
|
2014-02-07 21:22:44 +00:00 |
Meatballs
|
a4cc75bf98
|
Potential .pdf support
|
2014-02-07 20:37:44 +00:00 |
Meatballs
|
e13520d7fb
|
Handle a blank filename
|
2014-02-07 20:15:32 +00:00 |
Meatballs
|
103780c3da
|
Merge remote-tracking branch 'upstream/master' into mediawiki
|
2014-02-07 20:07:04 +00:00 |
grimmlin
|
2d93b38e2a
|
Fixed java_signed_applet for Java 7u51
|
2014-02-07 16:29:50 +01:00 |
Meatballs
|
0a3cb3377f
|
AppendEncoder
|
2014-02-04 15:41:10 +00:00 |
Meatballs
|
26c506da42
|
Naming of follow method
|
2014-02-04 15:25:51 +00:00 |
Meatballs
|
f5fa3fb5ce
|
Windows compat, fixed PHP-CLI
|
2014-02-04 14:27:10 +00:00 |