Commit Graph

44301 Commits (7b386ea2c8a4e2de94f5aa99f996800bdb925fe6)

Author SHA1 Message Date
Jon Hart 7b386ea2c8
Fix msftidy warnings wrt Set-Cookie 2017-12-19 06:58:23 -08:00
Tod Beardsley 85350a9645
Add Rapid7 blog references 2017-12-18 17:11:47 -06:00
Tod Beardsley ae4edd65e1
Hard wrap descriptions 2017-12-18 17:03:13 -06:00
Tod Beardsley c2b8d23854
Kill trailing whitespace 2017-12-18 16:56:09 -06:00
Tod Beardsley 65da14c165
Adding docs for modules 2017-12-18 16:47:43 -06:00
Tod Beardsley 72d3592b9c
New requires for Cambium mixins 2017-12-18 16:38:18 -06:00
Tod Beardsley 27a324237b
Initial commit for Cambium issues from @juushya
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Tod Beardsley f18f90e7e4 Merge remote-tracking branch 'upstream/master' 2017-12-12 14:48:58 -06:00
Wei Chen 6149f51273
Land #9256, Add aux module to discover WSDD enabled devices
Land #9256
2017-12-12 11:55:42 -06:00
Wei Chen fdd4fc1c41
Land #9292, fix variable name to store the username
Land #9292
2017-12-12 11:21:33 -06:00
securekomodo b335cacfc1
Update wp_slideshowgallery_upload.rb
Variable on line 67 needs to be changed to "user" from "username" which was undefined and causing error during exploit execution.

[-] Exploit failed: NameError undefined local variable or method `username' for #<Msf::Modules::Mod6578706c6f69742f756e69782f7765626170702f77705f736c69646573686f7767616c6c6572795f75706c6f6164::MetasploitModule:0x0055c61ab093f8>

After changing the incorrect variable name from "username" to "user", the exploit completes.
2017-12-12 00:33:28 -05:00
Matthew Kienow d79b0ad981
Land #9286, Advantech WebAccess webvrpcs BOF RCE 2017-12-12 00:25:56 -05:00
mr_me e7a2dd2e71 fixed email 2017-12-11 23:20:46 -06:00
mr_me 26e2eb8f1a Changed to good ranking 2017-12-11 23:14:36 -06:00
Pearce Barry 7f93cca446
Land #9288, Add Dup Scout Enterprise login buffer overflow 2017-12-11 17:12:20 -06:00
Pearce Barry 9a6c54840b
Minor tweak to use vprint... 2017-12-11 16:48:47 -06:00
mr_me f8977ed72c added some fixes 2017-12-11 11:34:17 -06:00
Brent Cook 63b5bb3dea
Land #9126, Add android advanced options 2017-12-11 04:11:44 -06:00
Brent Cook 602335abf1 bump payloads 2017-12-11 04:11:21 -06:00
Brent Cook 1653e31f71 Merge branch 'upstream-master' into land-9126- 2017-12-11 03:57:00 -06:00
William Vu bbbe48efbb
Land #9289, typo fix for sysgauge_client_bof.md 2017-12-09 19:37:13 -06:00
Chris Higgins 3a14ac3b37 Fixed a spelling error in documentation 2017-12-09 02:30:42 -06:00
Chris Higgins e91830efe7 Add Dup Scout Enterprise login buffer overflow 2017-12-09 02:20:05 -06:00
Metasploit 348cbe54b6
Bump version of framework to 4.16.23 2017-12-08 10:01:55 -08:00
Tod Beardsley 61a8c2456d Merge remote-tracking branch 'upstream/master' 2017-12-08 11:42:24 -06:00
Brent Cook 378f11d859
Land #9279, add docker pull badge to readme 2017-12-07 21:53:35 -06:00
mr_me 34ef650b0d fixed up msftidy, opps. 2017-12-07 17:03:39 -06:00
mr_me 073ffcb3bc added some docs 2017-12-07 16:58:14 -06:00
mr_me 75a82b3fe7 Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability 2017-12-07 16:34:26 -06:00
Adam Cammack 5b5ac878cc
Land #9285, Handle IPv6 addresses in `full_uri` 2017-12-07 13:25:05 -06:00
William Vu 2565ad6a27 Handle IPv6 addresses in full_uri (add brackets) 2017-12-07 12:56:55 -06:00
William Vu 0a0d24d8f8
Land #9276, cleanup of crufty code 2017-12-07 00:43:27 -06:00
Christian Mehlmauer 912fbc3b8c
add docker pull badge to readme 2017-12-06 20:34:40 +01:00
Brent Cook ce2db3cd87
Land #9275, CVE-2017-11882 (docs fix) 2017-12-05 10:16:54 -06:00
Brent Cook c15f379343 remove some unneeded backward-compat code 2017-12-04 22:27:21 -06:00
Austin 14226c5f33
missing docs on options
Missed fixes on documentation
2017-12-04 20:58:36 -05:00
William Webb 04b57f82e8
Land #9274, Remove spaces from EOL 2017-12-04 17:11:06 -08:00
William Webb adba277be0
axe errant spaces at EOL 2017-12-04 16:57:48 -08:00
William Webb 69b01d26bb
Land #9226, Microsoft Office OLE object memory corruption 2017-12-04 16:50:27 -08:00
William Vu 19b37c7070
Land #9263, drb_remote_codeexec fixes
See pull requests #7531 and #7749 for hysterical raisins.
2017-12-04 18:45:03 -06:00
Brent Cook 3cf1ffeb5f
Land #9273, add authors to osx local root exploit 2017-12-04 18:42:23 -06:00
Brent Cook b13f4e25e1 thanks for making this well-known 2017-12-04 18:32:31 -06:00
Brent Cook a27bb38d51 add authors 2017-12-04 18:25:18 -06:00
Austin b96dac28d5
fix info segment 2017-12-04 16:42:41 -05:00
Austin b7f17f5519
fix documentation 2017-12-04 16:41:27 -05:00
Brent Cook f83e9815dd
Land #9210, Add a Polycom HDX RCE 2017-12-04 12:49:35 -06:00
Brent Cook 7edab268f5 handle case-insensitive password, fix received 2017-12-04 12:47:40 -06:00
Austin 06334aa2bd
Update polycom_hdx_traceroute_exec.rb 2017-12-04 11:05:01 -05:00
Metasploit fd1681edd9
Bump version of framework to 4.16.22 2017-12-01 10:04:07 -08:00
Austin c788e4e540
Update office_ms17_11882.rb 2017-12-01 11:36:03 -05:00