Commit Graph

20326 Commits (825eb9d1ca528c8b0873041981d035463a7e91c6)

Author SHA1 Message Date
jvazquez-r7 825eb9d1ca Add module for OSVDB 96208 2013-09-11 00:11:00 -05:00
James Lee 6ba9693d5d
Land #2349 pymeterp fixes 2013-09-10 16:42:58 -05:00
Spencer McIntyre e3e2c69de1 Fix additional issues in the python meterpreter. 2013-09-10 15:06:33 -04:00
Tod Beardsley c40b68f252
Land #2347, nail down the require paths 2013-09-10 11:41:13 -05:00
jvazquez-r7 4f1db80c24 Fix requires in new post modules 2013-09-10 11:13:07 -05:00
Tod Beardsley cf8c11ca89
Land #2335, Gemfile updates (run bundle install!)
FAQ:

Q: I get an error telling me to run bundle install when I try to start
msfconsole. What do I do?

A: Type: "bundle install" (or msfupdate which runs it, too)
2013-09-10 11:08:23 -05:00
jvazquez-r7 df3aae0cae Land #2341, @todb-r7's grammar fixes 2013-09-10 09:20:29 -05:00
Tod Beardsley adddf2b188
Land #2343 protect vs int wrap on ARM/Android
[FixRM #8034]
2013-09-09 20:37:25 -05:00
HD Moore 06f7abc552 Helps to put the rand() wrapper in 2013-09-09 20:26:11 -05:00
HD Moore baff3577e5 FixRM #8034 Pick a valid certificate expiration 2013-09-09 20:24:52 -05:00
Tod Beardsley 93c0b02b3b
Land #2342, fix for smb_enumshares Array-ness 2013-09-09 16:55:01 -05:00
James Lee f73c18ccd9 Store the Array, not human-readable version
[SeeRM #8389]
2013-09-09 16:44:47 -05:00
Tod Beardsley aff35a615b Grammar fixes in descriptions 2013-09-09 15:09:53 -05:00
Tod Beardsley fd7501d729 Land #2340, fix ltype on proficy module. 2013-09-09 14:28:38 -05:00
jvazquez-r7 2252aee398 Fix ltype on store_loot 2013-09-09 14:02:28 -05:00
jvazquez-r7 791b6f69c2 Land #2337, @wchen-r7's exploit for MS13-055 2013-09-09 11:12:03 -05:00
sinn3r e9e7fe670d Land #2331 - Change rules on tabbing 2013-09-09 10:35:23 -05:00
sinn3r 0ee0168556 Retabbed
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
sinn3r 6ab905e9e0 Less alignment 2013-09-09 09:39:02 -05:00
Tod Beardsley 2d9eb9e89b Be more explicit about two-space tabs 2013-09-09 09:34:48 -05:00
sinn3r 992bdcf530 Not from the future 2013-09-09 00:36:28 -05:00
sinn3r ae659507d2 Land #2336 - GE Proficy Cimplicity WebView Directory Traversal 2013-09-08 23:05:57 -05:00
jvazquez-r7 3d48ba5cda Escape dot on regex 2013-09-08 20:26:20 -05:00
sinn3r 47147444af Land #2327 HP SiteScope Remote Code Execution 2013-09-08 20:14:27 -05:00
sinn3r c3db41334b Add MS13-055 Internet Explorer Use-After-Free Vulnerability
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.

This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
jvazquez-r7 02cc53e893 Land #2298, @dzruyk's DoS aux module for CVE-2013-4124 2013-09-07 16:11:49 -05:00
jvazquez-r7 a40e0ba704 Clean up read_nttrans_ea_list 2013-09-07 16:11:00 -05:00
jvazquez-r7 be9b0da595 Update print message 2013-09-06 16:09:38 -05:00
jvazquez-r7 830bc2ae64 Update OSVDB reference 2013-09-06 13:01:39 -05:00
jvazquez-r7 4e3d4994c3 Update description 2013-09-06 12:58:54 -05:00
jvazquez-r7 45821a505b Add module for CVE-2013-0653 2013-09-06 12:42:34 -05:00
jvazquez-r7 5e16580c68 Land #2280, @jvennix-r7's exploit for CVE-2012-5519 2013-09-06 10:22:06 -05:00
jvazquez-r7 ffa600ff8b Fix really the check method 2013-09-06 10:21:18 -05:00
jvazquez-r7 9b9e1592fd Retab changes 2013-09-06 10:13:38 -05:00
jvazquez-r7 a64f960bfc Merge for retab 2013-09-06 10:12:55 -05:00
jvazquez-r7 d9fed860a5 Fix check method 2013-09-06 10:11:06 -05:00
Brandon Turner 83a827095b Older versions of rake break specs 2013-09-06 09:34:05 -05:00
Brandon Turner c1e3884e5a Update active* and other gems 2013-09-06 09:34:05 -05:00
Brandon Turner 35ec21cc97 Update test gems
This should not affect core Metasploit Framework as it only updates gems
in the test group (and dependencies of those gems).
2013-09-06 09:34:05 -05:00
Brandon Turner cf69577433 Remove rpsec should_not raise_error deprecations
Checking that a specifc error is not raised is deprecated in rspec:
https://github.com/rspec/rspec-expectations/pull/244
2013-09-06 09:34:05 -05:00
Brandon Turner 4760000bca Replace mock with double in specs
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
2013-09-06 09:34:05 -05:00
jvazquez-r7 7d4bf0c739 Retab changes for PR #2327 2013-09-05 23:25:41 -05:00
jvazquez-r7 34b499588b Merge for retab 2013-09-05 23:24:22 -05:00
jvazquez-r7 eb745af12f Land #1054, @Meatballs1 exploit for IPsec Keying and more 2013-09-05 16:53:20 -05:00
Meatballs 473f08bbb6 Register cleanup and update check 2013-09-05 22:43:26 +01:00
Meatballs 400b433267 Sort out exception handling 2013-09-05 22:21:44 +01:00
James Lee adfb31e30a Land #2316, don't modify datastore in authbrute 2013-09-05 16:04:15 -05:00
jvazquez-r7 b5a62353f9 Land @tabassassin's work on retab 2013-09-05 15:48:26 -05:00
jvazquez-r7 368a78a963 Undo post setup change 2013-09-05 15:00:58 -05:00
Meatballs d4043a6646 Spaces and change to filedropper 2013-09-05 20:41:37 +01:00