sinn3r
ae659507d2
Land #2336 - GE Proficy Cimplicity WebView Directory Traversal
2013-09-08 23:05:57 -05:00
jvazquez-r7
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
sinn3r
47147444af
Land #2327 HP SiteScope Remote Code Execution
2013-09-08 20:14:27 -05:00
sinn3r
c3db41334b
Add MS13-055 Internet Explorer Use-After-Free Vulnerability
...
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
jvazquez-r7
02cc53e893
Land #2298 , @dzruyk's DoS aux module for CVE-2013-4124
2013-09-07 16:11:49 -05:00
jvazquez-r7
a40e0ba704
Clean up read_nttrans_ea_list
2013-09-07 16:11:00 -05:00
jvazquez-r7
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
jvazquez-r7
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
jvazquez-r7
4e3d4994c3
Update description
2013-09-06 12:58:54 -05:00
jvazquez-r7
45821a505b
Add module for CVE-2013-0653
2013-09-06 12:42:34 -05:00
jvazquez-r7
5e16580c68
Land #2280 , @jvennix-r7's exploit for CVE-2012-5519
2013-09-06 10:22:06 -05:00
jvazquez-r7
ffa600ff8b
Fix really the check method
2013-09-06 10:21:18 -05:00
jvazquez-r7
9b9e1592fd
Retab changes
2013-09-06 10:13:38 -05:00
jvazquez-r7
a64f960bfc
Merge for retab
2013-09-06 10:12:55 -05:00
jvazquez-r7
d9fed860a5
Fix check method
2013-09-06 10:11:06 -05:00
Brandon Turner
83a827095b
Older versions of rake break specs
2013-09-06 09:34:05 -05:00
Brandon Turner
c1e3884e5a
Update active* and other gems
2013-09-06 09:34:05 -05:00
Brandon Turner
35ec21cc97
Update test gems
...
This should not affect core Metasploit Framework as it only updates gems
in the test group (and dependencies of those gems).
2013-09-06 09:34:05 -05:00
Brandon Turner
cf69577433
Remove rpsec should_not raise_error deprecations
...
Checking that a specifc error is not raised is deprecated in rspec:
https://github.com/rspec/rspec-expectations/pull/244
2013-09-06 09:34:05 -05:00
Brandon Turner
4760000bca
Replace mock with double in specs
...
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
2013-09-06 09:34:05 -05:00
jvazquez-r7
7d4bf0c739
Retab changes for PR #2327
2013-09-05 23:25:41 -05:00
jvazquez-r7
34b499588b
Merge for retab
2013-09-05 23:24:22 -05:00
jvazquez-r7
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
Meatballs
473f08bbb6
Register cleanup and update check
2013-09-05 22:43:26 +01:00
Meatballs
400b433267
Sort out exception handling
2013-09-05 22:21:44 +01:00
James Lee
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
jvazquez-r7
340756f7b2
Land #2248 , @tabassassin's retab work
2013-09-05 15:59:33 -05:00
jvazquez-r7
b5a62353f9
Land @tabassassin's work on retab
2013-09-05 15:48:26 -05:00
jvazquez-r7
368a78a963
Undo post setup change
2013-09-05 15:00:58 -05:00
Meatballs
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
Meatballs
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
Tab Assassin
f780a41f87
Retab changes for PR #2248
2013-09-05 14:12:24 -05:00
Tab Assassin
554d1868ce
Merge for retab
2013-09-05 14:12:18 -05:00
James Lee
41f6ab3073
Land #2294 , fix post setup
...
Conflicts:
lib/msf/core/post.rb
2013-09-05 14:11:32 -05:00
Tab Assassin
0d884ebbab
Retab changes for PR #2278
2013-09-05 14:08:14 -05:00
Tab Assassin
63612a64e9
Merge for retab
2013-09-05 14:08:09 -05:00
Meatballs
9787bb80e7
Address @jlee-r7's feedback
2013-09-05 19:57:05 +01:00
Tab Assassin
597f337d1b
Retab changes for PR #2298
2013-09-05 13:52:10 -05:00
Tab Assassin
acfef429c2
Merge for retab
2013-09-05 13:52:05 -05:00
jvazquez-r7
206b52ea30
Land #2325 , @jlee-r7's Linux PrependFork addition
2013-09-05 13:50:59 -05:00
jlee-r7
67257868e3
Merge pull request #5 from tabassassin/retab/pr/2325
...
Retab/pr/2325
2013-09-05 11:46:27 -07:00
jvazquez-r7
523b63c41e
Land #2328 , @jgor's changes for joomla_media_upload_exec
2013-09-05 13:37:34 -05:00
jvazquez-r7
86ceadc53d
Fix target description
2013-09-05 13:37:01 -05:00
jvazquez-r7
d43326d0f4
Check 302 while checking too
2013-09-05 13:36:35 -05:00
jvazquez-r7
ab83a12354
Check 302 on anonymous access too
2013-09-05 13:35:52 -05:00
Tab Assassin
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
Tab Assassin
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
jgor
57d2550a37
Merge pull request #1 from tabassassin/retab/pr/2328
...
Retab/pr/2328
2013-09-05 11:27:31 -07:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00