jvazquez-r7
9acccfe9ba
Fix description
2014-09-19 17:18:59 -05:00
jvazquez-r7
d826132f87
Delete CVE, add EDB
2014-09-19 17:16:03 -05:00
jvazquez-r7
7afbec9d6c
Land #2890 , @Ahmed-Elhady-Mohamed module for OSVDB 93034
2014-09-19 17:12:49 -05:00
jvazquez-r7
1fa5c8c00c
Add check method
2014-09-19 17:11:16 -05:00
jvazquez-r7
ce0b00bb0b
Change module location and filename
2014-09-19 16:59:35 -05:00
jvazquez-r7
0267e889e2
Use FileDropper
2014-09-19 16:58:21 -05:00
jvazquez-r7
6fd5027e05
Avoid UploadPath datastore option, parse from response
2014-09-19 16:55:28 -05:00
jvazquez-r7
2ce9bdf152
Use target_uri.path.to_s instead of uri
2014-09-19 16:43:40 -05:00
jvazquez-r7
eb55c7108b
Fix indentantion again
2014-09-19 16:41:07 -05:00
jvazquez-r7
cbfb7e600d
Use Rex::MIME::Message
2014-09-19 16:29:09 -05:00
jvazquez-r7
cffb28b5d3
Fix indentantion
2014-09-19 16:18:46 -05:00
sinn3r
3e09283ce5
Land #3777 - Fix struts_code_exec_classloader on windows
2014-09-16 13:09:58 -05:00
sinn3r
158d4972d9
More references and pass msftidy
2014-09-16 12:54:27 -05:00
Vincent Herbulot
7a7b6cb443
Some refactoring
...
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
2014-09-16 17:49:45 +02:00
us3r777
4c615ecf94
Module for CVE-2014-5519, phpwiki/ploticus RCE
2014-09-16 00:09:41 +02:00
jvazquez-r7
373eb3dda0
Make struts_code_exec_classloader to work on windows
2014-09-10 18:00:16 -05:00
Jon Hart
495e1c14a1
Land #3721 , @brandonprry's module for Railo CVE-2014-5468
2014-09-09 19:10:46 -07:00
Jon Hart
26d8432a22
Minor style and usability changes to @brandonprry's #3721
2014-09-09 19:09:45 -07:00
Brandon Perry
db6052ec6a
Update check method
2014-09-09 18:51:42 -05:00
sinn3r
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
sinn3r
027f543bdb
Land #3732 - Eventlog Analzyer exploit
2014-09-09 11:33:20 -05:00
sinn3r
75269fd0fa
Make sure we're not doing a 'negative' timeout
2014-09-09 11:26:49 -05:00
Tod Beardsley
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
William Vu
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
sinn3r
85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27
2014-09-04 16:08:15 -05:00
jvazquez-r7
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
jvazquez-r7
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
jvazquez-r7
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
jvazquez-r7
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
jvazquez-r7
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
Joe Vennix
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
Joe Vennix
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
Pedro Ribeiro
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
Joe Vennix
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
Pedro Ribeiro
ded085f5cc
Add CVE ID
2014-09-03 07:22:10 +01:00
Brandon Perry
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
Pedro Ribeiro
c672fad9ef
Add OSVDB ID, remove comma from Author field
2014-09-02 23:17:10 +01:00
Pedro Ribeiro
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
Joe Vennix
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
.
2014-09-02 12:27:41 -05:00
Pedro Ribeiro
d480a5e744
Credit h0ng10 properly
2014-09-01 07:58:26 +01:00
Pedro Ribeiro
59847eb15b
Remove newline at the top
2014-09-01 07:56:53 +01:00
Pedro Ribeiro
6a370a5f69
Add exploit for eventlog analyzer file upload
2014-09-01 07:56:01 +01:00
jvazquez-r7
c05edd4b63
Delete debug print_status
2014-08-31 01:34:47 -05:00
jvazquez-r7
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
jvazquez-r7
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
Brandon Perry
438f0e6365
typos
2014-08-30 09:22:58 -05:00
Brandon Perry
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
Spencer McIntyre
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
Spencer McIntyre
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00