Brendan
70a79bb0e8
Land #7014 , Nagios remote root shell exploit
2016-07-01 08:17:38 -07:00
William Vu
d42d9f8557
Add module docs to appease the Thao god
2016-07-01 01:17:27 -05:00
Scott Lee Davis
c2b4e22b46
updated with discovered changes from k kali & documentation update changes requested.
2016-06-27 01:53:20 -04:00
h00die
1c20122648
fedora compatibility, added naming options
2016-06-25 08:43:55 -04:00
Scott Davis
5e1b7d8c0f
even more clean up.
2016-06-23 14:59:11 -07:00
Scott Davis
63d8787101
added back (new) usage examples for nodejs,java,ruby,php.
2016-06-23 14:56:46 -07:00
Tod Beardsley
ff741fbc35
Rename for docs
2016-06-23 14:53:49 -05:00
Tod Beardsley
92522138c5
Remove the RC files
2016-06-23 14:52:23 -05:00
Scott Lee Davis
fbd0bc4308
updated as per @egypt & @todb-r7 recommendations.
2016-06-23 11:41:54 -04:00
Scott Davis
47e4321424
CVE-2016-5641
2016-06-23 06:09:37 -07:00
h00die
a3b08418b9
fixed markdown
2016-06-22 20:32:51 -04:00
h00die
35e3fb3e2f
fixed markdown
2016-06-22 20:15:29 -04:00
h00die
bc293e2a8b
fixed bad markup
2016-06-22 20:10:25 -04:00
h00die
18a3bf5f62
service persistence
2016-06-22 19:22:18 -04:00
wchen-r7
de5152401a
Land #6992 , Add tiki calendar exec exploit
2016-06-22 11:18:14 -05:00
wchen-r7
8697d3d6fb
Update tiki_calendar_exec module and documentation
2016-06-22 11:17:45 -05:00
h00die
9cb57d78d7
updated check and docs that 14.2 may not be vuln
2016-06-21 16:48:09 -04:00
h00die
4b8f572976
cron persistence
2016-06-20 21:45:04 -04:00
h00die
6fe7698b13
follow redirect automatically
2016-06-19 20:24:54 -04:00
h00die
ddfd015310
functionalized calendar call, updated docs
2016-06-19 08:53:22 -04:00
h00die
1db10eec39
slight documentation update
2016-06-18 13:27:46 -04:00
h00die
3feff7533b
tiki calendar
2016-06-18 13:11:11 -04:00
Brendan Watters
9ea0b8f944
Land #6934 , Adds exploit for op5 configuration command execution
2016-06-16 14:36:10 -05:00
h00die
cfb034fa95
fixes all previously identified issues
2016-06-15 20:58:04 -04:00
wchen-r7
1d27538545
Missing a word
2016-06-14 14:15:28 -05:00
wchen-r7
a7c778b852
Update magento_unserialize.md
2016-06-14 11:15:25 -05:00
h00die
bd6eecf7b0
centreon useralias first add
2016-06-11 20:57:18 -04:00
wchen-r7
7cdadca79b
Land #6945 , Add struts_dmi_rest_exec exploit
2016-06-08 23:16:46 -05:00
wchen-r7
dff60d96c8
Add mod doc for struts_dmi_rest_exec and update struts_dmi_exec.md
2016-06-08 23:15:44 -05:00
Brendan Watters
c4aa99fdac
Land #6925 , ipfire proxy exec
2016-06-07 10:24:59 -05:00
Brendan Watters
7e84c808b2
Merge remote-tracking branch 'upstream/pr/6924' into dev
2016-06-07 09:24:25 -05:00
wchen-r7
b59d10d9c4
Land #6929 , Add HP Data Protector Encrypted Comms exploit
2016-06-06 22:45:53 -05:00
wchen-r7
d8d6ab3ae8
Add hp_dataprotector_encrypted_comms.md
2016-06-06 22:45:17 -05:00
wchen-r7
1dad9bf7fa
Correct module doc path for magento_unserialize.md
2016-06-02 17:12:39 -05:00
wchen-r7
184802d7d1
Add documentation for magento_unserialize
2016-06-02 17:10:26 -05:00
h00die
68d647edf1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into op5
2016-06-01 18:05:18 -04:00
h00die
52d5028548
op5 config exec
2016-06-01 15:07:31 -04:00
h00die
3163af603d
md fix
2016-05-30 10:25:49 -04:00
h00die
057947d7e8
ipfire proxy exec
2016-05-30 10:24:17 -04:00
h00die
9b5e3010ef
doc/module cleanup
2016-05-30 06:33:48 -04:00
h00die
df55f9a57c
first add of ipfire shellshock
2016-05-29 20:40:12 -04:00
Brent Cook
cf0176e68b
Land #6867 , Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-16 19:00:10 -05:00
Brent Cook
21d74a64fe
Land #6874 , Improve exploit for CVE-2016-0854
2016-05-14 11:08:17 -05:00
wchen-r7
9114e01ed9
update doc
2016-05-13 23:31:38 -05:00
Brent Cook
a940481f62
Land #6834 , Authorized FTP JCL exploit for z/OS
2016-05-13 21:29:45 -05:00
wchen-r7
3b5db26ff5
Fix #6872 , change upload action for CVE-2016-0854 exploit
...
This patch includes the following changes:
* Instead of the uploadFile action, this patch uses uploadImageCommon
to be able to support both Advantech WebAccess builds: 2014 and
2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
different builds of Advantech WebAccess 8.0s, and 8.1.
Fix #6872
2016-05-13 19:47:18 -05:00
Bigendian Smalls
2d5cf6cfe4
Authorized FTP JCL exploit for z/OS
...
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
2016-05-12 14:46:31 -05:00
wchen-r7
756673fcd7
Fix another typo
2016-05-12 00:13:53 -05:00
wchen-r7
9d128cfd9f
Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-11 22:27:18 -05:00
wchen-r7
027855def4
Add module documentation for struts_dmi_exec
2016-05-02 15:43:34 -05:00
tdoan-r7
7e5fced46b
MS-1196 Minor edits to the kb for the web_delivery module
2016-03-22 12:26:55 -05:00
tdoan-r7
4c42a74d48
MS-1195 minor grammatical edits to psexec kb
2016-03-21 14:18:16 -05:00
wchen-r7
698f425821
Auto <hr>
2016-03-08 11:25:15 -06:00
wchen-r7
03eb568af7
Add --- to make sections to stand out more
2016-03-05 15:17:19 -06:00
wchen-r7
f4866fd5f0
Update template and web_delivery doc
2016-03-03 01:27:14 -06:00
wchen-r7
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
wchen-r7
eede7c9193
Link to WbemExec writeup
2016-03-02 11:05:33 -06:00
wchen-r7
e615e1072e
Update information about SMBv1
2016-03-02 10:51:45 -06:00
wchen-r7
d4c433e29f
Update psexec.md
2016-03-01 19:29:25 -06:00
wchen-r7
876a5b55f9
Update psexec.md
2016-03-01 19:06:40 -06:00
wchen-r7
f27d24fd60
Add module documentation for psexec
2016-03-01 18:52:47 -06:00
wchen-r7
99d593e9a0
missing an of
2016-03-01 15:11:29 -06:00
wchen-r7
552f2a148b
Add documentation for ms08_067_netapi
2016-03-01 15:09:30 -06:00
wchen-r7
3125c99e45
Remove this fake doc
2016-02-24 15:17:18 -06:00
wchen-r7
509a1e8de1
Add manual for demo purposes
2016-02-16 23:18:29 -06:00