Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
sinn3r
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
Pedro Ribeiro
4b7a446547
... and restore use of the complicated socket
2014-10-09 18:30:45 +01:00
Pedro Ribeiro
c78651fccc
Use numbers for version tracking
2014-10-09 18:29:27 +01:00
jvazquez-r7
411f6c8b2d
Land #3793 , @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution
2014-10-08 12:16:09 -05:00
jvazquez-r7
98b69e095c
Use %TEMP% and update ranking
2014-10-08 12:12:00 -05:00
jvazquez-r7
d90fe4f724
Improve check method
2014-10-08 12:03:16 -05:00
jvazquez-r7
25344aeb6a
Change filename
2014-10-08 11:55:33 -05:00
jvazquez-r7
909f88680b
Make exploit aggressive
2014-10-08 11:08:01 -05:00
jvazquez-r7
d02f0dc4b9
Make minor cleanup
2014-10-08 10:36:56 -05:00
jvazquez-r7
d913bf1c35
Fix metadata
2014-10-08 10:29:59 -05:00
Pedro Ribeiro
0a9795216a
Add OSVDB id and full disclosure URL
2014-10-08 08:25:41 +01:00
Pedro Ribeiro
d328b2c29d
Add exploit for Track-It! file upload vuln
2014-10-07 23:50:10 +01:00
mfadzilr
a2a2ca550e
add test result on different windows version
2014-09-20 20:06:30 +08:00
mfadzilr
dd71c666dc
added osvdb reference and software download url, use FileDropper method
...
for cleanup
2014-09-20 15:31:28 +08:00
mfadzilr
19ed594e98
using FileDropper method for cleanup
2014-09-20 10:52:21 +08:00
mfadzilr
677d035ce8
added proper regex for check function
...
add comment for changed code
2014-09-19 11:30:51 +08:00
mfadzilr
978803e9d8
add proper regex
2014-09-16 21:49:02 +08:00
mfadzilr
783b03efb6
change line 84 as mubix advice, update disclosure date according to
...
bugtraq security list.
2014-09-15 17:21:05 +08:00
mfadzilr
9860ed340e
run msftidy, make correction for CVE format and space at EOL (line 77)
2014-09-15 13:13:25 +08:00
mfadzilr
f1d3c44f4f
exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'.
2014-09-15 12:59:27 +08:00
mfadzilr
74ef83812a
update module vulnerability information
2014-09-15 01:43:18 +08:00
mfadzilr
8b4b66fcaa
initial test
2014-09-14 12:26:02 +08:00
sinn3r
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
jvazquez-r7
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
jvazquez-r7
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
jvazquez-r7
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
jvazquez-r7
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
jvazquez-r7
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
Pedro Ribeiro
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
Pedro Ribeiro
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
jvazquez-r7
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
Meatballs
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
sinn3r
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
William Vu
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
Meatballs
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
jvazquez-r7
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
jvazquez-r7
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
Tod Beardsley
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
sinn3r
79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-03 14:09:12 -05:00
sinn3r
c207d14d1f
Update description
2014-07-03 14:08:31 -05:00
jvazquez-r7
5e0211016d
Merge to solve conflicts
2014-07-03 09:16:04 -05:00
sinn3r
449fde5e7c
Description update
2014-07-01 10:26:52 -05:00
sinn3r
c43006f820
Update cogent module description, fix msftidy warnings
2014-07-01 10:06:33 -05:00
jvazquez-r7
1acd5e76cb
Add check code for event processing 12
2014-06-29 15:47:57 -05:00