Pearce Barry
1dae206fde
Land #7379 , Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
Pedro Ribeiro
50f578ba79
Add full disclosure link
2016-11-08 22:15:19 +00:00
Pedro Ribeiro
95bd950133
Point to proper link on github
2016-11-07 17:59:29 +00:00
Pedro Ribeiro
f268c28415
Create dlink_hnap_login_bof.rb
2016-11-07 17:45:37 +00:00
William Vu
da356e7d62
Remove Compat hash to allow more payloads
2016-11-04 13:57:05 -05:00
William Vu
f0c89ffb56
Refactor module and use FileDropper
2016-11-04 13:57:05 -05:00
William Vu
6d7cf81429
Update references
2016-11-04 13:57:05 -05:00
William Vu
009d6a45aa
Update description
2016-11-04 13:57:05 -05:00
William Vu
bf7936adf5
Add instance_eval and syscall targets
2016-11-04 13:57:05 -05:00
Brendan
dae1f26313
Land #7521 , Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
William Vu
eca4b73aab
Land #7499 , check method for pkexec exploit
2016-11-03 10:59:06 -05:00
William Vu
1c746c0f93
Prefer CheckCode::Detected
2016-11-03 11:14:48 +01:00
William Vu
2cdff0f414
Fix check method
2016-11-03 11:14:48 +01:00
William Webb
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
Brent Cook
f8912486df
fix typos
2016-11-01 05:43:03 -05:00
OJ
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
Alex Flores
45d6012f2d
fix check method
2016-10-30 14:57:42 -04:00
OJ
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
Quentin Kaiser
c7b775ac1c
Fix detection following @bwatters-r7 recommendations. Remove safesync exploit that shouldn't be here.
2016-10-28 18:03:56 +00:00
OJ
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
Julien (jvoisin) Voisin
23ab4f1fc1
Remove one last tab
2016-10-27 12:32:40 +02:00
Julien (jvoisin) Voisin
d9f07183bd
Please h00die ;)
2016-10-27 12:18:33 +02:00
Julien (jvoisin) Voisin
2ac54f5028
Add a check for the linux pkexec module
2016-10-27 10:28:13 +02:00
wolfthefallen
684feb6b50
moved STAGE0 and STAGE1 into datastore
2016-10-18 11:47:38 -04:00
wolfthefallen
e806466fe3
correct carriage return and link issue
2016-10-17 10:31:39 -04:00
wolfthefallen
7e68f7d2a4
EmpirePowerShell Arbitrary File Upload (Skywalker)
2016-10-17 10:03:07 -04:00
h00die
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
William Webb
5e7d546fa2
Land #7094 , OpenNMS Java Object Deserialization RCE Module
2016-10-14 13:19:11 -05:00
Brent Cook
cfddc734a8
Land #7286 , WiFi pineapple preconfig command injection module
2016-10-14 12:57:42 -05:00
Brent Cook
e05a325786
Land #7285 , WiFi pineapple command injection via authentication bypass
2016-10-14 12:57:05 -05:00
h00die
12493d5c06
moved c code to external sources
2016-10-13 20:37:03 -04:00
h00die
9d2355d128
removed debug line
2016-10-10 10:23:51 -04:00
h00die
2ad82ff8e3
more nagios versatility
2016-10-10 10:21:49 -04:00
Pearce Barry
7b84e961ed
Minor output correction.
2016-10-09 19:01:06 -05:00
h00die
7e6facd87f
added wrong file
2016-10-09 09:49:58 -04:00
h00die
2c4a069e32
prepend fork fix
2016-10-09 09:40:44 -04:00
h00die
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
h00die
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
h00die
75bea08e0e
changing branches
2016-10-04 21:08:12 -04:00
h00die
e6daef62b4
egypt
2016-10-03 20:24:59 -04:00
h00die
7b0a8784aa
additional doc updates
2016-09-29 19:02:16 -04:00
h00die
bac4a25b2c
compile or nill
2016-09-29 06:15:17 -04:00
h00die
4fac5271ae
slight cleanup
2016-09-29 05:51:13 -04:00
h00die
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
jvoisin
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
William Vu
988471b860
Land #7372 , useless use of cat fix
...
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
William Vu
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
jvoisin
b46073b34a
Replace `cat` with Ruby's `read_file`
...
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
William Vu
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
Julien (jvoisin) Voisin
dbb2abeda1
Remove the `cat $FILE | grep $PATTERN` anti-pattern
...
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
Pearce Barry
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
h00die
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
h00die
7646771dec
refactored for live compile or drop binary
2016-09-22 20:07:07 -04:00
Brent Cook
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
Brendan
04f8f7a0ea
Land #7266 , Add Kaltura Remote PHP Code Execution
2016-09-21 17:14:49 -05:00
Mehmet Ince
2d3c167b78
Grammar changes again.
2016-09-20 23:51:12 +03:00
Mehmet Ince
0f16393220
Yet another grammar changes
2016-09-20 19:48:40 +03:00
Mehmet Ince
fb00d1c556
Another minor grammer changes
2016-09-20 19:23:28 +03:00
Brendan
251421e4a7
Minor grammar changes
2016-09-20 10:37:39 -05:00
Mehmet Ince
385428684f
Move module and docs under the exploit/linux/http folder
2016-09-20 12:45:23 +03:00
David Maloney
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
h00die
edd1704080
reexploit and other docs and edits added
2016-09-18 09:01:41 -04:00
h00die
4f85a1171f
reexploit and other docs and edits added
2016-09-18 08:51:27 -04:00
Thao Doan
d2100bfc4e
Land #7301 , Support URIHOST for exim4_dovecot_exec for NAT
2016-09-16 12:49:57 -07:00
Thao Doan
7c396dbf59
Use URIHOST
2016-09-16 12:48:54 -07:00
William Vu
4d0643f4d1
Add missing DefaultTarget to Docker exploit
2016-09-16 13:09:00 -05:00
William Vu
da516cb939
Land #7027 , Docker privesc exploit
2016-09-16 12:44:21 -05:00
William Vu
e3060194c6
Fix formatting in ubiquiti_airos_file_upload
...
Also add :config and :use_agent options.
2016-09-16 12:27:09 -05:00
Jan Mitchell
7393d91bfa
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master
2016-09-16 10:46:44 +01:00
h00die
4be4bcf7eb
forgot updates
2016-09-16 02:08:09 -04:00
h00die
2e42e0f091
first commit
2016-09-16 01:54:49 -04:00
David Maloney
dfcd5742c1
some more minor fixes
...
some more minor fixes around broken
ssh modules
7321
2016-09-15 14:25:17 -05:00
David Maloney
e10c133eef
fix the exagrid exploit module
...
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used
7321
2016-09-15 11:44:19 -05:00
William Vu
c6214d9c5e
Fix and clean module
2016-09-14 14:36:29 -05:00
Brent Cook
7352029497
first round of SSL damage fixes
2016-09-13 17:42:31 -05:00
aushack
11342356f8
Support LHOST for metasploit behind NAT
2016-09-13 11:23:49 +10:00
catatonic
c06ee991ed
Adding WiFi pineapple command injection via authenticaiton bypass.
2016-09-06 17:22:25 -07:00
catatonic
8d40dddc17
Adding WiFi pineapple preconfig command injection module.
2016-09-06 17:18:36 -07:00
Quentin Kaiser
e4d118108a
Trend Micro SafeSync exploit.
2016-09-06 19:33:23 +00:00
William Vu
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Jan Mitchell
411689aa44
Adding changes to Samba exploit to target MIPSBE (this is for OpenWRT on a router
2016-09-01 10:05:13 +01:00
Pearce Barry
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
William Vu
2b6576b038
Land #7012 , Linux service persistence module
2016-08-17 22:45:35 -05:00
William Vu
c64d91457f
Land #7003 , cron/crontab persistence module
2016-08-17 22:45:16 -05:00
wchen-r7
c64e1b8fe6
Land #7181 , NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance
2016-08-08 16:04:33 -05:00
wchen-r7
cb04ff48bc
Land #7180 , Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE
2016-08-08 15:55:39 -05:00
wchen-r7
8654baf3dd
Land #6880 , add a module for netcore/netdis udp 53413 backdoor
2016-08-08 15:43:34 -05:00
wchen-r7
f98efb1345
Fix typos
2016-08-08 15:41:03 -05:00
Quentin Kaiser
1320647f31
Exploit for Trend Micro Smart Protection Server (CVE-2016-6267).
2016-08-08 18:47:46 +00:00
Pedro Ribeiro
3b64b891a6
Update nuuo_nvrmini_unauth_rce.rb
2016-08-05 21:53:25 +01:00
Pedro Ribeiro
746ba4d76c
Add bugtraq reference
2016-08-05 21:53:08 +01:00
Pedro Ribeiro
2aca610095
Add github link
2016-08-04 17:38:31 +01:00
Pedro Ribeiro
7d8dc9bc82
Update nuuo_nvrmini_unauth_rce.rb
2016-08-04 17:38:14 +01:00
Pedro Ribeiro
b48518099c
add exploit for CVE 2016-5674
2016-08-04 16:55:21 +01:00
Pedro Ribeiro
0deac80d61
add exploit for CVE 2016-5675
2016-08-04 16:54:38 +01:00
wchen-r7
1e1866f583
Fix #7158 , tiki_calendar_exec incorrectly reports successful login
...
Fix #7158
2016-07-28 17:03:31 -05:00
Vex Woo
864989cf6c
For echo command
2016-07-26 20:27:23 -05:00
Brendan
4720d77c3a
Land #6965 , centreon useralias exec
2016-07-26 15:02:36 -07:00
James Lee
b057a9486c
Don't use ssh agent
2016-07-19 17:07:22 -05:00
James Lee
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
forzoni
6f35a04e21
Incorporate review fixes, ensure PrependFork is true, fix echo compat.
2016-07-19 01:45:56 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00
h00die
03dca5fee2
updates round 2
2016-07-15 09:02:23 -04:00
h00die
33ce3ec3ed
fixes round 2
2016-07-15 08:44:39 -04:00
David Maloney
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
Brent Cook
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Brent Cook
a530aa4cf1
restrict perms a bit more
2016-07-11 22:22:34 -05:00
Brent Cook
a107a0f955
remove unneeded rport/rhost defines
2016-07-11 22:22:34 -05:00
Brent Cook
6bf51fe064
streamline payload generation
2016-07-11 22:22:34 -05:00
Brent Cook
7ef6c8bf9e
ruby style updates
2016-07-11 22:22:33 -05:00
Brent Cook
c1f51e7ddf
Update and fixup module against OpenNMS-16
2016-07-11 22:22:33 -05:00
benpturner
50746eec29
Fixes comments in regards to #{peer}
2016-07-11 22:22:33 -05:00
benpturner
ce8317294f
New module to exploit the OpenNMS Java Object Unserialization RCE vulnerability. This now gets flagged inside Nessus and there was no Metasploit module to exploit this.
...
This module exploits the vulnerability to a full session.
2016-07-11 22:22:32 -05:00
William Webb
52c6daa0f2
Land #7048 , Riverbed SteelCentral NetProfiler and NetExpress Remote
...
Command Injection
2016-07-10 18:54:12 -05:00
Francesco
b75084249a
Removed duplicate 'Privileged' key
2016-07-10 01:37:03 -04:00
sho-luv
25f49c0091
Fixed Description
...
Just cleaned up Description.
2016-07-08 16:17:39 -07:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
Francesco
4ed12d7077
Added: support for credentials saving using report_cred method as suggested
...
Added: support for detection of valid user credentials to skip login SQLi if not necessary.
2016-07-02 01:41:13 -04:00
William Vu
9663f88fdc
Download profile.zip instead of including it
...
profile.zip is GPL-licensed...
2016-07-01 01:17:23 -05:00
Francesco
068a4007de
Riverbed SteelCentral NetProfiler & NetExpress Exploit Module
...
Changes to be committed:
new file: modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
2016-06-29 22:27:40 -04:00
William Vu
68bd4e2375
Fire and forget the shell
...
Edge case where reverse_perl returns 302 when app is unconfigured.
2016-06-29 14:51:05 -05:00
forzoni
d414ea59c3
Remove bash dependency. Oops.
2016-06-28 22:39:45 -05:00
David Maloney
3d93c55174
move sshfactory into a mixin method
...
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
David Maloney
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
forzoni
5f044ffda0
s/print_warning/print_error.
2016-06-28 10:26:23 -05:00
forzoni
0635fee820
Move some log lines to vprint_status.
2016-06-28 03:28:41 -05:00
forzoni
6c11692b04
Add privilege escalation for host users that can access the docker daemon.
2016-06-28 03:24:41 -05:00
William Vu
5f08591fef
Add Nagios XI exploit
2016-06-27 15:17:18 -05:00
h00die
1c20122648
fedora compatibility, added naming options
2016-06-25 08:43:55 -04:00
David Maloney
6c3871bd0c
update ssh modules to use new SSHFactory
...
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH
MS-1688
2016-06-24 13:55:28 -05:00
h00die
18a3bf5f62
service persistence
2016-06-22 19:22:18 -04:00
wchen-r7
de5152401a
Land #6992 , Add tiki calendar exec exploit
2016-06-22 11:18:14 -05:00
wchen-r7
8697d3d6fb
Update tiki_calendar_exec module and documentation
2016-06-22 11:17:45 -05:00
h00die
0f2c1d886c
append over read and write
2016-06-21 16:56:34 -04:00
h00die
9cb57d78d7
updated check and docs that 14.2 may not be vuln
2016-06-21 16:48:09 -04:00
h00die
c7bacebd5b
slight issues found by void-in
2016-06-21 05:12:10 -04:00
h00die
4b8f572976
cron persistence
2016-06-20 21:45:04 -04:00
h00die
15a3d739c0
fix per wchen
2016-06-20 17:57:10 -04:00
h00die
6fe7698b13
follow redirect automatically
2016-06-19 20:24:54 -04:00
h00die
3f25c27e34
2 void-in fixes of 3
2016-06-19 14:35:27 -04:00
h00die
ddfd015310
functionalized calendar call, updated docs
2016-06-19 08:53:22 -04:00
h00die
3feff7533b
tiki calendar
2016-06-18 13:11:11 -04:00
h00die
ebde552982
gem version
2016-06-16 21:09:56 -04:00
Brendan Watters
9ea0b8f944
Land #6934 , Adds exploit for op5 configuration command execution
2016-06-16 14:36:10 -05:00
William Vu
ea988eaa72
Add setsid to persist the shell
...
Prevents the watchdog from killing our session.
2016-06-16 11:31:35 -05:00
h00die
cfb034fa95
fixes all previously identified issues
2016-06-15 20:58:04 -04:00
h00die
81fa068ef0
pulling out the get params
2016-06-15 12:27:31 -04:00
h00die
52db99bfae
vars_post for post request
2016-06-15 07:24:41 -04:00
h00die
625d60b52a
fix the other normalize_uri
2016-06-14 15:03:07 -04:00
h00die
afc942c680
fix travis
2016-06-13 19:07:14 -04:00
h00die
bd4dacdbc3
added Rank
2016-06-13 19:04:06 -04:00
h00die
72ed478b59
added exploit rank
2016-06-13 18:56:33 -04:00
h00die
40f7fd46f9
changes outlined by wvu-r7
2016-06-13 18:52:25 -04:00
h00die
f63273b172
email change
2016-06-11 21:05:34 -04:00
h00die
bd6eecf7b0
centreon useralias first add
2016-06-11 20:57:18 -04:00
William Vu
ec1248d7af
Convert to CmdStager
2016-06-10 20:42:01 -05:00
William Vu
46239d5b0d
Add Apache Continuum exploit
2016-06-09 22:35:38 -05:00
h00die
d63dc5845e
wvu-r7 comment fixes
2016-06-09 21:52:21 -04:00
William Vu
6da8c22171
Rename hash method to crypt
...
To avoid a conflict with Object#hash in Pro.
MS-1636
2016-06-09 15:21:40 -05:00
h00die
6f5edb08fe
pull uri from datastore consistently
2016-06-08 20:28:36 -04:00
Brendan Watters
c4aa99fdac
Land #6925 , ipfire proxy exec
2016-06-07 10:24:59 -05:00
Brendan Watters
7e84c808b2
Merge remote-tracking branch 'upstream/pr/6924' into dev
2016-06-07 09:24:25 -05:00
h00die
c2699ef194
rubocop fixes
2016-06-03 17:43:11 -04:00
h00die
2f837d5d60
fixed EDB spelling
2016-06-03 17:17:36 -04:00
h00die
8d76bdb8af
fixed EDB reference
2016-06-03 17:13:36 -04:00
Brendan Watters
d7cd10f586
Suggested updates for style and clarity
2016-06-03 14:04:58 -05:00
Brendan Watters
91658d2a61
Changes per rubocop and sinn3r
2016-06-03 12:42:38 -05:00
h00die
68d647edf1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into op5
2016-06-01 18:05:18 -04:00
h00die
52d5028548
op5 config exec
2016-06-01 15:07:31 -04:00
h00die
8ce59ae330
travis fixes
2016-05-31 05:46:20 -04:00
h00die
057947d7e8
ipfire proxy exec
2016-05-30 10:24:17 -04:00
h00die
9b5e3010ef
doc/module cleanup
2016-05-30 06:33:48 -04:00
h00die
df55f9a57c
first add of ipfire shellshock
2016-05-29 20:40:12 -04:00
wchen-r7
14adcce8bf
Missed the HTTPUSERNAME fix
2016-05-27 18:37:04 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
William Vu
6581fbd294
Add note about "mf" malware
...
This is the malware I found upon shelling my friend's device.
2016-05-20 23:09:10 -05:00
William Vu
a16f4b5167
Return nil properly in rescue
...
Missed this because I copypasta'd myself.
2016-05-19 15:35:38 -05:00
William Vu
d018bba301
Store SSH key as a note
...
I know, I know, it should use the creds model. >:[
2016-05-19 15:12:58 -05:00
William Vu
9f738c3e41
Add note about overwritten files
2016-05-19 15:07:27 -05:00
William Vu
8fccb26446
Add Ubiquiti airOS exploit
...
Thanks to my friend wolf359 for providing a test device!
2016-05-19 14:50:20 -05:00
Vex Woo
4a4904149b
ruby conditional operator -> expression
2016-05-16 10:45:04 -05:00
Vex Woo
4a3ab9d464
add a module for netcore/netdis udp 53413 backdoor
2016-05-16 02:11:53 -05:00
Nicholas Starke
4b23d2dc58
Adjusting exception handling
...
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
2016-05-11 17:18:51 -05:00
Nicholas Starke
32ae3e881e
Adding save_cred and exception handling to module
...
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt. Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
2016-05-10 20:54:44 -05:00
Nicholas Starke
8eb3193941
Adding TP-Link sc2020n Module
...
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port. The module then connects to
the telnet daemon, which returns a root shell on the device.
2016-05-08 14:02:50 -05:00
wchen-r7
df44dc9c1c
Deprecate exploits/linux/http/struts_dmi_exec
...
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
2016-05-02 15:03:25 -05:00
join-us
6a00f2fc5a
mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb
2016-05-01 00:00:29 +08:00
join-us
ec66410fab
add java_stager / windows_stager | exploit with only one http request
2016-04-30 23:56:56 +08:00
wchen-r7
d6a6577c5c
Default payload to linux/x86/meterpreter/reverse_tcp_uuid
...
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
2016-04-29 11:52:50 -05:00
wchen-r7
97061c1b90
Update struts_dmi_exec.rb
2016-04-29 11:13:25 -05:00
wchen-r7
e9535dbc5b
Address all @FireFart's feedback
2016-04-29 11:03:15 -05:00
wchen-r7
6f6558923b
Rename module as struts_dmi_exec.rb
2016-04-29 10:34:48 -05:00
wchen-r7
4a95e675ae
Rm empty references
2016-04-24 11:46:08 -05:00
wchen-r7
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
wchen-r7
92ef8f4ab3
Land #6751 , Correct proftp version check at module runtime
2016-04-14 15:34:53 -05:00
wchen-r7
c4aac2a54a
Remove unwanted comments
2016-04-07 11:22:57 -05:00
James Lee
7658014fb7
Add CVEs
2016-04-07 08:39:29 -05:00
James Lee
87d59a9bfb
Add exploit for ExaGrid known credentials
2016-04-07 04:17:43 -05:00