Commit Graph

691 Commits (75de792558170171ea69c86fac8307619d5dd610)

Author SHA1 Message Date
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
sinn3r d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload 2014-10-17 19:47:42 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley b1223165d4
Trivial grammar fixes 2014-10-14 12:00:50 -05:00
Pedro Ribeiro 4b7a446547 ... and restore use of the complicated socket 2014-10-09 18:30:45 +01:00
Pedro Ribeiro c78651fccc Use numbers for version tracking 2014-10-09 18:29:27 +01:00
jvazquez-r7 411f6c8b2d
Land #3793, @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution 2014-10-08 12:16:09 -05:00
jvazquez-r7 98b69e095c Use %TEMP% and update ranking 2014-10-08 12:12:00 -05:00
jvazquez-r7 d90fe4f724 Improve check method 2014-10-08 12:03:16 -05:00
jvazquez-r7 25344aeb6a Change filename 2014-10-08 11:55:33 -05:00
jvazquez-r7 909f88680b Make exploit aggressive 2014-10-08 11:08:01 -05:00
jvazquez-r7 d02f0dc4b9 Make minor cleanup 2014-10-08 10:36:56 -05:00
jvazquez-r7 d913bf1c35 Fix metadata 2014-10-08 10:29:59 -05:00
Pedro Ribeiro 0a9795216a Add OSVDB id and full disclosure URL 2014-10-08 08:25:41 +01:00
Pedro Ribeiro d328b2c29d Add exploit for Track-It! file upload vuln 2014-10-07 23:50:10 +01:00
mfadzilr a2a2ca550e add test result on different windows version 2014-09-20 20:06:30 +08:00
mfadzilr dd71c666dc added osvdb reference and software download url, use FileDropper method
for cleanup
2014-09-20 15:31:28 +08:00
mfadzilr 19ed594e98 using FileDropper method for cleanup 2014-09-20 10:52:21 +08:00
mfadzilr 677d035ce8 added proper regex for check function
add comment for changed code
2014-09-19 11:30:51 +08:00
mfadzilr 978803e9d8 add proper regex 2014-09-16 21:49:02 +08:00
mfadzilr 783b03efb6 change line 84 as mubix advice, update disclosure date according to
bugtraq security list.
2014-09-15 17:21:05 +08:00
mfadzilr 9860ed340e run msftidy, make correction for CVE format and space at EOL (line 77) 2014-09-15 13:13:25 +08:00
mfadzilr f1d3c44f4f exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'. 2014-09-15 12:59:27 +08:00
mfadzilr 74ef83812a update module vulnerability information 2014-09-15 01:43:18 +08:00
mfadzilr 8b4b66fcaa initial test 2014-09-14 12:26:02 +08:00
sinn3r 0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
jvazquez-r7 f063dcf0f4
Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00
jvazquez-r7 7563c0bd0e Use Gem::Version 2014-09-04 14:40:13 -05:00
jvazquez-r7 2615a7a3be Favor \&\& and || operands 2014-09-04 14:35:37 -05:00
Pedro Ribeiro f0e3fa18a3 Restore the original filename 2014-09-03 21:32:05 +01:00
Pedro Ribeiro d69049008c Refactor and rename desktopcentra_file_upload
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro 05856016c9 Add exploit for CVE-2014-5005 2014-09-02 23:09:10 +01:00
jvazquez-r7 8b1791da22 Modify modules to keep old behavior 2014-08-31 01:18:53 -05:00
Meatballs 474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
sinn3r 8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License 2014-07-16 15:13:05 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a
Remove EOL whitespace 2014-07-16 14:56:34 -05:00
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
jvazquez-r7 6d05a24653 Add target information 2014-07-15 17:45:45 -05:00
jvazquez-r7 604a612393 Have into account differences between windows default installs 2014-07-15 15:03:07 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor)
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
sinn3r 79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload 2014-07-03 14:09:12 -05:00
sinn3r c207d14d1f Update description 2014-07-03 14:08:31 -05:00
jvazquez-r7 5e0211016d Merge to solve conflicts 2014-07-03 09:16:04 -05:00
sinn3r 449fde5e7c Description update 2014-07-01 10:26:52 -05:00
sinn3r c43006f820 Update cogent module description, fix msftidy warnings 2014-07-01 10:06:33 -05:00
jvazquez-r7 1acd5e76cb Add check code for event processing 12 2014-06-29 15:47:57 -05:00