67cd62f306
Land #2366 - HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
2013-09-16 01:44:23 -05:00
b993a4bda9
Land #2367 - HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
2013-09-16 01:43:07 -05:00
2741983158
Update description
2013-09-13 18:31:11 -05:00
40aeaf445b
Add auxiliary module for HP SNAC Auth Bypass
2013-09-13 18:29:57 -05:00
54e9cd81f3
Add module for ZDI-13-226
2013-09-13 17:31:51 -05:00
10303a8c2a
Delete debug print_status
2013-09-13 17:05:23 -05:00
dca4351303
Add check function
2013-09-13 16:51:14 -05:00
f7c4e081bb
Add module for ZDI-13-225
2013-09-13 16:40:28 -05:00
813290cd68
Land #2357
2013-09-13 14:26:30 -05:00
b2ba4b445f
Land #2362 , update description
2013-09-13 12:56:04 -05:00
4847976995
Update information about original discovery
...
Update info about original discovoery. See #2337 too.
2013-09-13 10:42:11 -05:00
c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
84f015320a
Probably helps to use the right alternate exploit name.
2013-09-12 16:16:49 -05:00
14577441ca
Deprecates windows persistence post module.
2013-09-12 16:10:48 -05:00
ac90cd1263
Land #2248 - Fix dlink upnp exec noauth
2013-09-12 15:10:20 -05:00
149312a4c0
Correct wordpress_login_enum for #2301
...
tabassassin created a mess and I failed to resolve it properly.
Attempt #2 . See #2301 .
2013-09-12 14:56:46 -05:00
91b8ca8f22
Merge branch 'pr2301' into upstream-master
...
Conflicts:
modules/auxiliary/scanner/http/wordpress_login_enum.rb
2013-09-12 14:52:34 -05:00
34383661cb
Land #2351 - Agnitum Outpost Internet Security Local Privilege Escalation
2013-09-12 14:21:05 -05:00
5aa6a0dd6b
Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-12 14:19:02 -05:00
f42e6e8bca
Land #2345 - Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-12 14:17:24 -05:00
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
d781f447db
Merge branch 'pr2345' into upstream-master
2013-09-12 14:15:18 -05:00
d006ee52b1
Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal
2013-09-12 14:13:32 -05:00
9ad1be7318
Make junk easier
2013-09-11 09:33:01 -05:00
825eb9d1ca
Add module for OSVDB 96208
2013-09-11 00:11:00 -05:00
4f1db80c24
Fix requires in new post modules
2013-09-10 11:13:07 -05:00
df3aae0cae
Land #2341 , @todb-r7's grammar fixes
2013-09-10 09:20:29 -05:00
02a073a8fe
Change module filename
2013-09-09 23:30:37 -05:00
64348dc020
Update information
2013-09-09 23:29:48 -05:00
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
c3ff9a03d8
Add module for CVE-2013-4983
2013-09-09 23:26:10 -05:00
06f7abc552
Helps to put the rand() wrapper in
2013-09-09 20:26:11 -05:00
baff3577e5
FixRM #8034 Pick a valid certificate expiration
2013-09-09 20:24:52 -05:00
93c0b02b3b
Land #2342 , fix for smb_enumshares Array-ness
2013-09-09 16:55:01 -05:00
f73c18ccd9
Store the Array, not human-readable version
...
[SeeRM #8389 ]
2013-09-09 16:44:47 -05:00
aff35a615b
Grammar fixes in descriptions
2013-09-09 15:09:53 -05:00
2252aee398
Fix ltype on store_loot
2013-09-09 14:02:28 -05:00
ce769b0c78
Add module for CVE-2013-2641
2013-09-09 13:56:45 -05:00
791b6f69c2
Land #2337 , @wchen-r7's exploit for MS13-055
2013-09-09 11:12:03 -05:00
0ee0168556
Retabbed
...
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
6ab905e9e0
Less alignment
2013-09-09 09:39:02 -05:00
992bdcf530
Not from the future
2013-09-09 00:36:28 -05:00
ae659507d2
Land #2336 - GE Proficy Cimplicity WebView Directory Traversal
2013-09-08 23:05:57 -05:00
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
47147444af
Land #2327 HP SiteScope Remote Code Execution
2013-09-08 20:14:27 -05:00
c3db41334b
Add MS13-055 Internet Explorer Use-After-Free Vulnerability
...
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
02cc53e893
Land #2298 , @dzruyk's DoS aux module for CVE-2013-4124
2013-09-07 16:11:49 -05:00
a40e0ba704
Clean up read_nttrans_ea_list
2013-09-07 16:11:00 -05:00
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
sinn3r
jvazquez-r7
Tod Beardsley
Joe Vennix
HD Moore
James Lee