sinn3r
59468846e3
Change filename
2012-06-02 01:51:20 -05:00
sinn3r
522991f351
Correct name
2012-06-02 01:49:43 -05:00
sinn3r
7fd3644b8b
Add CVE-2011-4825 module
2012-06-01 18:45:44 -05:00
sinn3r
bd5f43c918
Add another good reference by @mihi42
2012-04-01 01:30:50 -05:00
sinn3r
bab4cddd83
Add Jeroen Frijters for finding/reporting the bug
2012-03-31 03:01:09 -05:00
James Lee
cc54a260f5
Merge remote branch 'upstream/master'
2012-03-30 14:31:12 -06:00
James Lee
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
Steve Tornio
ae21c05e69
add osvdb ref
2012-03-30 07:26:07 -05:00
sinn3r
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
Tod Beardsley
f069a32223
Merge pull request #288 from wchen-r7/cve_2012_0507
...
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
sinn3r
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
Tod Beardsley
23c9c51014
Fixing CVE format on sit_file_upload.
2012-03-21 09:59:20 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
sinn3r
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
Tod Beardsley
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r
5250b179c8
Add CVE and OSVDB ref
2012-03-15 04:40:27 -05:00
James Lee
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
James Lee
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
sinn3r
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
James Lee
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
HD Moore
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
Tod Beardsley
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
sinn3r
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
Joshua J. Drake
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
Joshua J. Drake
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
Tod Beardsley
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
Jonathan Cran
c3bd151197
add a ranking
2012-01-31 20:43:32 -06:00
Steve Tornio
e392958d90
add osvdb ref
2012-01-31 07:06:33 -06:00
sinn3r
bfd4734cbf
Forgot to add CMD as a datastore option, here it is
2012-01-30 17:34:58 -06:00
sinn3r
08134ad600
Add Exploit-DB reference
2012-01-30 16:17:25 -06:00
sinn3r
f3c340a9ab
Add vBSEO proc_deutf() Remote Code Execution (Feature #6307 )
2012-01-30 16:15:27 -06:00
sinn3r
9e5d2ff60e
Improve URI, plus some other minor changes.
2012-01-19 13:26:25 -06:00
joernchen of Phenoelit
2199cd18d7
fine tuning thx to sinn3r
2012-01-19 19:50:30 +01:00
joernchen of Phenoelit
df9380500a
disclosure date added
2012-01-19 19:19:53 +01:00
joernchen of Phenoelit
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
Tod Beardsley
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
sinn3r
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
sinn3r
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
sinn3r
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
sinn3r
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
sinn3r
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
Steve Tornio
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
Steve Tornio
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00
Tod Beardsley
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
sinn3r
101eba6aa5
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151 )
2011-12-27 00:59:26 -06:00