jvazquez-r7
825eb9d1ca
Add module for OSVDB 96208
2013-09-11 00:11:00 -05:00
James Lee
6ba9693d5d
Land #2349 pymeterp fixes
2013-09-10 16:42:58 -05:00
Spencer McIntyre
e3e2c69de1
Fix additional issues in the python meterpreter.
2013-09-10 15:06:33 -04:00
Tod Beardsley
c40b68f252
Land #2347 , nail down the require paths
2013-09-10 11:41:13 -05:00
jvazquez-r7
4f1db80c24
Fix requires in new post modules
2013-09-10 11:13:07 -05:00
Tod Beardsley
cf8c11ca89
Land #2335 , Gemfile updates (run bundle install!)
...
FAQ:
Q: I get an error telling me to run bundle install when I try to start
msfconsole. What do I do?
A: Type: "bundle install" (or msfupdate which runs it, too)
2013-09-10 11:08:23 -05:00
jvazquez-r7
df3aae0cae
Land #2341 , @todb-r7's grammar fixes
2013-09-10 09:20:29 -05:00
Tod Beardsley
adddf2b188
Land #2343 protect vs int wrap on ARM/Android
...
[FixRM #8034 ]
2013-09-09 20:37:25 -05:00
HD Moore
06f7abc552
Helps to put the rand() wrapper in
2013-09-09 20:26:11 -05:00
HD Moore
baff3577e5
FixRM #8034 Pick a valid certificate expiration
2013-09-09 20:24:52 -05:00
Tod Beardsley
93c0b02b3b
Land #2342 , fix for smb_enumshares Array-ness
2013-09-09 16:55:01 -05:00
James Lee
f73c18ccd9
Store the Array, not human-readable version
...
[SeeRM #8389 ]
2013-09-09 16:44:47 -05:00
Tod Beardsley
aff35a615b
Grammar fixes in descriptions
2013-09-09 15:09:53 -05:00
Tod Beardsley
fd7501d729
Land #2340 , fix ltype on proficy module.
2013-09-09 14:28:38 -05:00
jvazquez-r7
2252aee398
Fix ltype on store_loot
2013-09-09 14:02:28 -05:00
jvazquez-r7
791b6f69c2
Land #2337 , @wchen-r7's exploit for MS13-055
2013-09-09 11:12:03 -05:00
sinn3r
e9e7fe670d
Land #2331 - Change rules on tabbing
2013-09-09 10:35:23 -05:00
sinn3r
0ee0168556
Retabbed
...
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
sinn3r
6ab905e9e0
Less alignment
2013-09-09 09:39:02 -05:00
Tod Beardsley
2d9eb9e89b
Be more explicit about two-space tabs
2013-09-09 09:34:48 -05:00
sinn3r
992bdcf530
Not from the future
2013-09-09 00:36:28 -05:00
sinn3r
ae659507d2
Land #2336 - GE Proficy Cimplicity WebView Directory Traversal
2013-09-08 23:05:57 -05:00
jvazquez-r7
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
sinn3r
47147444af
Land #2327 HP SiteScope Remote Code Execution
2013-09-08 20:14:27 -05:00
sinn3r
c3db41334b
Add MS13-055 Internet Explorer Use-After-Free Vulnerability
...
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
jvazquez-r7
02cc53e893
Land #2298 , @dzruyk's DoS aux module for CVE-2013-4124
2013-09-07 16:11:49 -05:00
jvazquez-r7
a40e0ba704
Clean up read_nttrans_ea_list
2013-09-07 16:11:00 -05:00
jvazquez-r7
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
jvazquez-r7
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
jvazquez-r7
4e3d4994c3
Update description
2013-09-06 12:58:54 -05:00
jvazquez-r7
45821a505b
Add module for CVE-2013-0653
2013-09-06 12:42:34 -05:00
jvazquez-r7
5e16580c68
Land #2280 , @jvennix-r7's exploit for CVE-2012-5519
2013-09-06 10:22:06 -05:00
jvazquez-r7
ffa600ff8b
Fix really the check method
2013-09-06 10:21:18 -05:00
jvazquez-r7
9b9e1592fd
Retab changes
2013-09-06 10:13:38 -05:00
jvazquez-r7
a64f960bfc
Merge for retab
2013-09-06 10:12:55 -05:00
jvazquez-r7
d9fed860a5
Fix check method
2013-09-06 10:11:06 -05:00
Brandon Turner
83a827095b
Older versions of rake break specs
2013-09-06 09:34:05 -05:00
Brandon Turner
c1e3884e5a
Update active* and other gems
2013-09-06 09:34:05 -05:00
Brandon Turner
35ec21cc97
Update test gems
...
This should not affect core Metasploit Framework as it only updates gems
in the test group (and dependencies of those gems).
2013-09-06 09:34:05 -05:00
Brandon Turner
cf69577433
Remove rpsec should_not raise_error deprecations
...
Checking that a specifc error is not raised is deprecated in rspec:
https://github.com/rspec/rspec-expectations/pull/244
2013-09-06 09:34:05 -05:00
Brandon Turner
4760000bca
Replace mock with double in specs
...
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
2013-09-06 09:34:05 -05:00
jvazquez-r7
7d4bf0c739
Retab changes for PR #2327
2013-09-05 23:25:41 -05:00
jvazquez-r7
34b499588b
Merge for retab
2013-09-05 23:24:22 -05:00
jvazquez-r7
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
Meatballs
473f08bbb6
Register cleanup and update check
2013-09-05 22:43:26 +01:00
Meatballs
400b433267
Sort out exception handling
2013-09-05 22:21:44 +01:00
James Lee
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
jvazquez-r7
b5a62353f9
Land @tabassassin's work on retab
2013-09-05 15:48:26 -05:00
jvazquez-r7
368a78a963
Undo post setup change
2013-09-05 15:00:58 -05:00
Meatballs
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00