Commit Graph

2537 Commits (82eaa322fe6b0158d4e06216cf163587142ebc43)

Author SHA1 Message Date
jvazquez-r7 80bfd48535 Added module for ZDI-010-090 Opcode 0x6 2012-07-17 23:25:55 +02:00
jvazquez-r7 0514756e92 Added module for ZDI-010-090 Opcode 0x21 2012-07-17 23:25:04 +02:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
HD Moore 7f3aeca501 Put lipstick on this pig for the time being 2012-07-15 21:35:29 -05:00
HD Moore 44e56c87f1 Make super sure that blank creds are not reported 2012-07-15 20:56:31 -05:00
jvazquez-r7 8cf08c6ca3 Target W7 updated 2012-07-15 17:45:58 +02:00
sinn3r e1ff6b0cef Nicer cleanup 2012-07-14 17:57:32 -05:00
jvazquez-r7 bdf009d7a8 Review of pull request #606 2012-07-15 00:20:12 +02:00
sinn3r 06974cbc43 This bug is now patched 2012-07-10 12:28:46 -05:00
HD Moore c532d4307a Use the right failure reason 2012-07-10 00:26:14 -05:00
jvazquez-r7 73fcf73419 Added module for CVE-2011-2657 2012-07-09 18:03:16 +02:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r 70c718a5ed Fix indent level 2012-07-06 12:44:03 -05:00
sinn3r 24c57b61a8 Add juan as an author too for improving the module a lot 2012-07-06 10:41:06 -05:00
jvazquez-r7 9fecc80459 User of TARGETURI plus improve of description 2012-07-06 15:47:25 +02:00
jvazquez-r7 7751c54a52 references updates 2012-07-06 11:56:03 +02:00
jvazquez-r7 f8ca5b4234 Revision of pull request #562 2012-07-06 11:52:43 +02:00
sinn3r 260cea934d Add more reference 2012-07-05 16:48:43 -05:00
jvazquez-r7 ff4a0bc3aa poisonivy_bof description updated 2012-07-05 00:18:13 +02:00
jvazquez-r7 8bdf3b56f5 tries updated 2012-07-04 15:48:32 +02:00
jvazquez-r7 d8a5af7084 last changes done by gal, added RANDHEADER to single_exploit 2012-07-04 15:25:12 +02:00
jvazquez-r7 644d5029d5 add bruteforce target as optional 2012-07-04 13:02:47 +02:00
jvazquez-r7 7214a6c969 check function updated 2012-07-04 12:16:30 +02:00
jvazquez-r7 c531bd264b brute force version of the exploit 2012-07-04 11:37:36 +02:00
jvazquez-r7 da2105787d no rop versio of the exploit, metadata used, check and description fixed 2012-07-04 10:54:35 +02:00
jvazquez-r7 8bcc0ba440 Review of pull request #559 2012-07-03 23:49:47 +02:00
jvazquez-r7 600ca5b1dd Added module for CVE-2012-0708 2012-07-03 19:03:58 +02:00
m-1-k-3 e06ca8e654 Winlog-CVE-resource 2012-07-02 20:33:15 +02:00
jvazquez-r7 9d49052c52 hp_dataprotector_new_folder: added support for hpdp 6 2012-07-02 18:32:19 +02:00
HD Moore 3bb7405b09 Only report auth if the username is not blank 2012-07-02 04:11:29 -05:00
sinn3r a3d74f5b10 Correct dead milw0rm references 2012-06-30 16:50:04 -05:00
sinn3r 2874768539 Also add juan as author. And links to the vulnerable setup. 2012-06-30 13:12:13 -05:00
jvazquez-r7 5dbfb7b9aa last cleanup 2012-06-30 14:18:25 +02:00
jvazquez-r7 19d476122b versions affected corrected 2012-06-29 20:23:17 +02:00
jvazquez-r7 533111c6da irfanview_jpeg2000_bof: review of pull req #543 2012-06-29 20:13:02 +02:00
sinn3r 196e1b7f70 Update title & description to match what ZDI has.
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r 19b6ebbfbf Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi 2012-06-29 10:59:11 -05:00
sinn3r 0e87238e58 Space space 2012-06-29 10:56:12 -05:00
jvazquez-r7 c79312547a Added module for CVE-2012-0124 2012-06-29 17:50:21 +02:00
jvazquez-r7 5efb459616 updated zdi reference 2012-06-29 16:36:11 +02:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r 7c9a8ba699 Add OSVDB reference 2012-06-28 02:09:12 -05:00
sinn3r 869aec5e3e Update CVE/OSVDB/Milw0rm references for browser modules 2012-06-28 00:26:20 -05:00
sinn3r 7dcdd205bb Update CVEs for fileformat exploits 2012-06-28 00:21:03 -05:00
sinn3r b83c02d8e3 Update CVE reference 2012-06-28 00:06:41 -05:00
sinn3r d85ce8db5c Update CVEs for HTTP exploits 2012-06-28 00:00:53 -05:00
sinn3r e8102284ff Add missing CVEs for misc exploit modules 2012-06-27 22:17:34 -05:00
sinn3r f5faccfa07 Add missing CVEs for SCADA modules 2012-06-27 22:10:24 -05:00
sinn3r 2f733ff8b9 Add CVE-2012-0663 Apple QuickTime TeXML Exploit 2012-06-27 14:41:45 -05:00
Tod Beardsley 94e28933c8 Whitespace fixes. msftidy.rb yall 2012-06-27 10:06:15 -05:00
sinn3r 9ea6d84a7a Make it clear the exploit doesn't like certain PDF formats
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
sinn3r b966dda980 Update missing CVE reference 2012-06-26 01:26:09 -05:00
sinn3r 8f355554c8 Update missing CVE reference 2012-06-26 01:21:24 -05:00
sinn3r 0d7b6d4053 Update missing CVE reference 2012-06-26 01:20:28 -05:00
sinn3r c7935e0e99 Update OSVDB reference 2012-06-26 01:18:25 -05:00
sinn3r 9980c8f416 Add rh0's analysis 2012-06-25 21:32:45 -05:00
sinn3r 7698b2994d Correct OSVDB typo 2012-06-25 18:32:35 -05:00
HD Moore 807f7729f0 Merge branch 'master' into feature/vuln-info 2012-06-25 10:10:20 -05:00
Steve Tornio 5d2655b0ce add osvdb ref 2012-06-25 09:00:03 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
sinn3r e805675c1f Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.

As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
Tod Beardsley d708f2526c Adding ref for APSB12-09 to new Flash sploit 2012-06-22 17:30:52 -05:00
jvazquez-r7 72ef8c91f0 module for CVE-2012-0779 added 2012-06-23 00:21:18 +02:00
m-1-k-3 315a1707e7 also new version v2.07.16 is vulnerable 2012-06-22 13:18:45 +02:00
James Lee 815d80a2cc Merge branch 'rapid7' into omg-post-exploits 2012-06-21 17:02:55 -06:00
sinn3r 9d52ecfbb6 Fix a few mistakes (typos & reference) 2012-06-21 02:32:04 -05:00
jvazquez-r7 6be7ba98aa ezserver_http: added bid reference 2012-06-20 22:08:58 +02:00
HD Moore f7ecc98923 Merge branch 'master' into feature/vuln-info 2012-06-20 13:34:53 -05:00
sinn3r beb8e33fc4 Fix a typo 2012-06-20 09:53:09 -05:00
sinn3r efaf5cf193 Oops, I found a typo. 2012-06-19 22:57:45 -05:00
sinn3r 9a9dd53e86 Use get_resource() instead of the hard-coded path 2012-06-19 22:56:25 -05:00
sinn3r 79fc053a2e Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110 2012-06-19 22:05:07 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
jvazquez-r7 a93eeca68d msxml_get_definition_code_exec: added support for ie9 2012-06-20 00:17:50 +02:00
Tod Beardsley 3b1c434252 Remove trailing space 2012-06-19 16:44:07 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
HD Moore f7a85f3f9d Make it clear that this works on Vista SP2 2012-06-18 20:13:37 -05:00
HD Moore 4739affd54 Fix the comment as well 2012-06-18 19:57:56 -05:00
HD Moore bd0fd8195d Add compatibility for Vista SP2 from troulouliou 2012-06-18 19:55:52 -05:00
sinn3r 4987acc703 Correct e-mail format, description, and some commas. 2012-06-18 18:52:26 -05:00
HD Moore 29887272a9 Correct the description to mention IE8 on Windows 7 2012-06-18 18:14:59 -05:00
jvazquez-r7 2df237b066 minor fixes 2012-06-18 22:44:17 +02:00
Juan Vazquez 10bd72f3a1 Merge pull request #500 from modpr0be/module-ezserver
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
modpr0be d706199a83 fix all changes suggested by jvazquez-r7 2012-06-19 02:05:25 +07:00
sinn3r 256290c206 Additional changes 2012-06-18 10:49:16 -05:00
sinn3r 50269c910a Add IE 8 targets 2012-06-18 10:44:52 -05:00
sinn3r 931f24b380 Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof 2012-06-16 14:56:45 -05:00
jvazquez-r7 a8a4594cd4 Documenting esi alignment plus using target_uri.to_s 2012-06-16 09:26:22 +02:00
sinn3r 424948a358 Fix title 2012-06-16 01:48:00 -05:00
sinn3r 38926fb97c Description and name change 2012-06-15 20:11:34 -05:00
jvazquez-r7 c676708564 BrowserAutopwn info completed 2012-06-16 02:26:33 +02:00
jvazquez-r7 ce241b7e80 BrowserAutopwn info completed 2012-06-16 02:18:01 +02:00
jvazquez-r7 495ed2e434 BrowserAutopwn info added 2012-06-16 02:14:24 +02:00
jvazquez-r7 8a89968a1d Added module for CVE-2012-1889 2012-06-16 01:50:25 +02:00
Steve Tornio 80a0b4767a add osvdb ref 2012-06-15 09:02:31 -05:00
jvazquez-r7 1d121071f3 Prepend nops to raw payload in encoder if needed 2012-06-15 09:59:10 +02:00
sinn3r 80d46580ec One last minor change for metadata format 2012-06-14 21:48:24 -05:00
sinn3r 82799f2601 Some final touchup
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r 75a67d7160 Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer 2012-06-14 21:14:29 -05:00
jvazquez-r7 091b3bbbd9 Added module plus encoder for CVE-2012-2329 2012-06-15 00:29:52 +02:00
sinn3r fb67fe9161 Merge branch 'mrmee-cmdsnd_ftp_exploit' 2012-06-14 14:19:56 -05:00
sinn3r cde3c48765 Change title 2012-06-14 14:18:30 -05:00
sinn3r b107025860 Correct typo. Also make use of random junks. 2012-06-14 14:17:57 -05:00
sinn3r 8e06babbba Make msftidy happy 2012-06-14 14:16:07 -05:00
sinn3r 66e92d0200 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-14 12:17:29 -05:00
sinn3r c1685c44c3 Fix disclosure date 2012-06-14 10:03:49 -05:00
sinn3r 1cdf964719 A little change to the description 2012-06-14 10:03:15 -05:00
sinn3r 48ee81de29 Add CVE-2012-2915 2012-06-14 09:56:01 -05:00
bcoles 940f904dee Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy. 2012-06-14 12:10:03 +09:30
Steven Seeley a5fca47f56 updated windows XP SP3 pivot offset, please retest this 2012-06-14 10:31:17 +10:00
sinn3r 7dc19bba16 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-13 14:55:44 -05:00
Tod Beardsley 15b674dab3 Language on MS12-005 2012-06-13 14:22:20 -05:00
Tod Beardsley 99b9261294 Caps in title 2012-06-13 14:19:04 -05:00
Tod Beardsley 559683f2a1 Fixing CRLFs on winlog_runtime_2 2012-06-13 13:59:39 -05:00
Tod Beardsley 3cf4f7ab44 Fixing indents on msadc module 2012-06-13 13:59:38 -05:00
sinn3r 42ee2b5c02 Add alienvault.com reference 2012-06-13 12:19:51 -05:00
jvazquez-r7 6abb7bb987 Added module for CVE-2012-1875 as exploited in the wild 2012-06-13 18:33:26 +02:00
Steven Seeley 209d6d20d1 comsnd ftp remote format string overflow exploit 2012-06-14 02:22:31 +10:00
James Lee 1fbe5742bd Axe some copy-pasta 2012-06-12 23:58:20 -06:00
James Lee 9f78a9e18e Port ms10-092 to the new Exploit::Local format 2012-06-12 23:58:20 -06:00
bcoles 9756f87517 Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module 2012-06-13 13:50:12 +09:30
sinn3r 74c6eb6f78 Change the title and add a Microsoft reference.
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r efcb206cdf Correct a typo 2012-06-10 14:38:14 -05:00
sinn3r 4743c9fb33 Add MS12-005 (CVE-2012-0013) exploit 2012-06-10 01:08:28 -05:00
jvazquez-r7 a9ee2b3480 Use of make_nops 2012-06-08 19:20:58 +02:00
jvazquez-r7 91f5f304cb Added module for CVE-2011-2217 2012-06-08 18:10:20 +02:00
sinn3r 3726ddddac Software name correction thanks to modpr0be 2012-06-08 07:07:19 -05:00
sinn3r 41d49ed553 Another badchar analysis. Allow shorter delay (5sec to 1) 2012-06-08 01:59:09 -05:00
sinn3r e5b451c000 Too many tabs for the beginning of the description 2012-06-07 23:08:11 -05:00
sinn3r 520c0ca660 Make msftidy happy 2012-06-07 23:07:39 -05:00
sinn3r 61f5eddf47 Move winlog file 2012-06-07 23:03:30 -05:00
sinn3r 9adec7e7e7 Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14 2012-06-07 23:02:23 -05:00
sinn3r 1eb73dec38 Merge branch 'aushack-master' 2012-06-07 12:17:49 -05:00
sinn3r 42795fec00 Get rid of some whitespace 2012-06-07 12:17:25 -05:00
jvazquez-r7 bd714017bb samsung_neti_wiewer: add Space property for Payload 2012-06-07 16:00:36 +02:00
Patrick Webster 0e20d324b8 Added ms02_065_msadc exploit module. 2012-06-07 21:02:13 +10:00
jvazquez-r7 2f3b1effb9 Added module for OSVDB 81453 2012-06-07 12:47:09 +02:00
sinn3r 28fe4c0be5 What's this break stuff?
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r a54b14b192 Remove whitespace 2012-06-06 11:21:34 -05:00
Patrick Webster c36ab97d41 Updated msadc exploit with fixes. 2012-06-06 11:21:34 -05:00
Patrick Webster f25b828d31 Added exploit module msadc.rb 2012-06-06 11:21:34 -05:00
m-1-k-3 f4f023cbfb add BID 2012-06-06 09:44:16 +02:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r f438e6c121 Remove the 'Rop' key because we don't really use it 2012-06-05 16:07:23 -05:00
sinn3r f9651be88e Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32 2012-06-05 15:44:13 -05:00
jvazquez-r7 a30f104ee6 Fix space on Authors 2012-06-05 18:23:57 +02:00
jvazquez-r7 93741770e2 Added module for CVE-2011-3400 2012-06-05 18:21:55 +02:00
m-1-k-3 95d949e860 sleep and at 2012-06-05 18:08:46 +02:00
0a2940 dc6b2f4205 merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb 2012-06-05 04:14:40 -07:00
sinn3r d9c39d3798 Fix the rest of nil res from get_once 2012-06-04 17:26:15 -05:00
sinn3r a071d2805e Fix the rest of possible nil res bugs I've found 2012-06-04 14:56:27 -05:00
m-1-k-3 0acbd99e71 targets 2012-06-04 20:08:58 +02:00
m-1-k-3 08ff6c72b1 winlog_lite_2.07.14 initial commit 2012-06-04 17:24:01 +02:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
Tod Beardsley ced5b9916e Whitespace fix for script-fu module
This is really just to check the GitHub IRC bot thinger.
2012-06-01 12:24:52 -05:00
sinn3r 353d49d05b Modify the description 2012-06-01 12:04:46 -05:00
jvazquez-r7 abbd8c8cd5 Added module for CVE-2012-2763 2012-06-01 18:53:25 +02:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Tod Beardsley c463bd7c6d Fixing description for citrix module 2012-05-31 16:37:35 -05:00
Tod Beardsley 17e41b2e39 Fixing description for citrix module 2012-05-31 16:36:21 -05:00
Juan Vazquez a0b491355c Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer
Added module for Citrix Provisioning Services 5.6 SP1
2012-05-31 14:35:22 -07:00
Tod Beardsley 02a41afb2b Fixing description for juan's Citrix module 2012-05-31 16:34:13 -05:00
Juan Vazquez 00bb216927 Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
2012-05-31 14:33:20 -07:00
jvazquez-r7 47c5745673 Fixed name module 2012-05-31 23:23:11 +02:00
jvazquez-r7 e324ed5251 Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:21:43 +02:00
jvazquez-r7 1c11b1b1b7 Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:17:38 +02:00
jvazquez-r7 b5f5804d94 description updated 2012-05-31 23:14:25 +02:00
jvazquez-r7 198070361b Added module for ZDI-12-010 2012-05-31 22:45:55 +02:00
Tod Beardsley 7e6c2f340e Minor updates; added BID, fixed grammar
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
jvazquez-r7 065d3187d3 Added module for OSVDB 74604 2012-05-29 21:10:51 +02:00
jvazquez-r7 db5b3c8259 Added module for OSVDB 82000 2012-05-28 08:51:36 +02:00
sinn3r 18c8314d79 Change unknown authors to "Unknown".
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion.  In order to clarify, we correct unknown
authors to simply "Unknown".
2012-05-26 15:23:09 -05:00
sinn3r 8f537653b4 Merge pull request #420 from wchen-r7/quickshare
Add OSVDB-70776 - QuickShare File Share
2012-05-26 01:04:21 -07:00
sinn3r 0b86ceb528 Add OSVDB-70776 2012-05-26 03:00:32 -05:00
sinn3r 7b0fbaed23 Merge pull request #417 from wchen-r7/rabidhamster
Add OSVDB-79007 - RabidHamster R4 Log Entry BoF
2012-05-25 01:11:17 -07:00
sinn3r d595f908fc Add OSVDB-79007 2012-05-25 03:06:28 -05:00
jvazquez-r7 f7224ab306 flexnet_lmgrd_bof rand_text fix 2012-05-24 18:02:25 +02:00
Tod Beardsley 5004515187 Resolved conflicts merging back from release
Merge branch 'release'

Conflicts:
	lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
	modules/exploits/windows/license/flexnet_lmgrd_bof.rb
2012-05-24 00:27:41 -05:00
sinn3r 0b7b71e240 Correct run-on sentence 2012-05-23 10:27:23 -05:00
sinn3r 94f114b69a Fix typos 2012-05-23 10:22:52 -05:00
sinn3r 7a4f1a111b Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof 2012-05-23 10:20:16 -05:00
jvazquez-r7 287d68f304 added module for CVE-2008-0320 2012-05-23 17:14:11 +02:00
Tod Beardsley a37e98f159 Updating release from master. 2012-05-22 14:12:08 -05:00
Jeff Jarmoc c4b64a51f7 Added reference to vendor advisory 2012-05-22 13:22:26 -05:00
jvazquez-r7 c823e8099e randomization when possible for flexnet_lmgrd_bof 2012-05-22 08:32:10 +02:00
sinn3r cafe803217 Fix typos 2012-05-21 16:32:33 -05:00
jvazquez-r7 72b1f113ce Added module for ZDI-12-052 2012-05-21 16:32:33 -05:00
Tod Beardsley 675dfe4e14 Don't keep the weblogi return codes secret 2012-05-21 11:27:24 -05:00
Tod Beardsley 1fc7597a56 Msftidy fixes.
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch

All whitespace fixes.
2012-05-21 10:59:52 -05:00
sinn3r 822e109b1f Merge pull request #398 from wchen-r7/foxit_reader_launch
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
sinn3r f9bcb95952 Correct EDB references 2012-05-19 02:24:29 -05:00
sinn3r e4f80a1fab Francisco is the the one who found it according to advisory 2012-05-18 17:12:52 -05:00
sinn3r 41aac751e9 Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
jvazquez-r7 bedf010676 description modified 2012-05-18 01:23:09 +02:00
jvazquez-r7 e7f5bf132c trying to improve bea weblogic connector bof 2012-05-18 01:13:56 +02:00
sinn3r c0d17734ed Improve run-on sentences. 2012-05-17 15:00:00 -05:00
sinn3r 32a0596a03 Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof 2012-05-17 14:52:10 -05:00
jvazquez-r7 c4ab521d7b better tab indentation 2012-05-17 21:41:31 +02:00
sinn3r 0b35ab6a75 If the target isn't support, make sure we warn the user 2012-05-17 12:34:17 -05:00
jvazquez-r7 a21e832336 fingerprinting bea connector with Transfer-Encoding 2012-05-17 19:21:16 +02:00
sinn3r 952ada1742 Fix broken target (variable naming) 2012-05-17 11:37:49 -05:00
jvazquez-r7 9a5e4d6500 Added target BEA Weblogic 8.1 SP4 2012-05-17 11:07:22 +02:00
jvazquez-r7 445bd90afb Added module for CVE-2008-3257 2012-05-17 10:28:18 +02:00
sinn3r b89e77c842 Add Spanish dir path. Thanks Miguel 2012-05-15 19:27:48 -05:00
Tod Beardsley f5698f4bdc Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:45:07 -05:00
Tod Beardsley 82885cc6e5 Fixing author tags
Ensuring a space between name and email.
2012-05-15 15:45:07 -05:00
Tod Beardsley 898398fd54 Fixing author tags
Ensuring a space between name and email.
2012-05-15 15:43:53 -05:00
Tod Beardsley 9b3f602910 Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
sinn3r d54a228f65 Correct version number 2012-05-15 01:16:41 -05:00
Steve Tornio 7690e86a89 add osvdb ref 2012-05-14 07:14:10 -05:00
Steve Tornio bcfa96ced8 add osvdb ref 2012-05-14 07:13:49 -05:00
sinn3r d2c26f989c Cleanup whitespace 2012-05-13 04:42:22 -05:00
sinn3r c1fbf1f931 Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved 2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r) dd42c3096e added exploit for Firefox 8&9 AttributeChildRemoved UAF 2012-05-13 11:31:46 +02:00
sinn3r 5d8fbefc3d Merge pull request #378 from wchen-r7/distinct
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
sinn3r 653d7e5923 Add OSVDB-80984 2012-05-11 15:07:31 -05:00
sinn3r 7eabce8872 Add comment for PrependEncoder 2012-05-10 12:18:50 -05:00
Tod Beardsley 65800f7c6e Whitespace on solarwinds 2012-05-09 12:47:22 -05:00
sinn3r ce16ab662c Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable. 2012-05-08 00:22:19 -05:00
sinn3r 22585ad935 Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit 2012-05-08 00:00:03 -05:00
lincoln-corelan b8227b8a2e Firefox Exploit 2012-05-07 19:41:03 -07:00
HD Moore f6c88377f4 Fixes #362 by changing the exitfunction arguments to be the correct type 2012-05-07 02:41:08 -05:00
Steve Tornio ba4ae384d7 add osvdb ref 2012-05-05 10:14:07 -05:00
sinn3r d5d35551ab Add EDB reference 2012-05-04 00:11:29 -05:00
sinn3r 25b11a02b5 Update the comment for check() 2012-05-03 20:37:36 -05:00
sinn3r 4bf674ece6 Pff, and of course, I had to make a typo on that one 2012-05-03 20:34:52 -05:00
sinn3r 1a4d3f849c A little change to the description 2012-05-03 20:33:28 -05:00
sinn3r 7ca69f00b0 Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution) 2012-05-03 20:24:42 -05:00
sinn3r 3e72f555ae Forgot... I don't need to print the client's IP manually anymore 2012-05-01 12:56:03 -05:00
sinn3r 3099236059 We no longer have to print the client's IP, because it's now a built-in feature. 2012-05-01 12:47:55 -05:00
juan 01b0d85526 module for cve-2012-1775 added 2012-05-01 16:39:30 +02:00
sinn3r 5fec29e6b7 Add McAfee Virtual Technician ActiveX MVTControl vulnerability 2012-04-30 16:23:52 -05:00
sinn3r fd2e4c12a2 Fix possible "can't convert Fixnum into String" error 2012-04-30 13:49:53 -05:00
sinn3r cc76438a75 Merge branch 'jlee-r7-http-print-standardization' 2012-04-25 15:38:46 -05:00
sinn3r 711fb73048 Fix more print_* 2012-04-25 15:01:50 -05:00
sinn3r 9189dea4e4 Merge branch 'http-print-standardization' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-http-print-standardization 2012-04-25 13:53:30 -05:00
sinn3r 9c9b74cae2 Small change with the description 2012-04-24 15:47:31 -05:00
sinn3r ecd7762df9 Merge branch 'shadow-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-shadow-exploit-module 2012-04-24 15:30:09 -05:00
sinn3r 5bf5e8888d Minor changes 2012-04-24 13:48:45 -05:00
sinn3r e57ba79402 Merge branch 'cve-2012-0158_mscomctl_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-cve-2012-0158_mscomctl_bof 2012-04-24 13:46:24 -05:00
sinn3r 4c72193922 Fix undefined method `[something]' for nil:NilClass 2012-04-24 01:46:03 -05:00
juan cca97f2989 added module for CVE-2012-0158 2012-04-23 22:59:25 +02:00
sinn3r 90a7458b56 Lower the rank a little to favor other modules in BAP 2012-04-23 15:15:08 -05:00
Leonardo Botelho 66ecf28451 Shadow stream recorder exploit. 2012-04-22 19:19:40 -03:00
James Lee 9cdd8912c5 Remove spurious cli.peerhost in output 2012-04-20 13:31:42 -06:00
sinn3r 37e75dc644 Make this description a little more sense 2012-04-20 12:25:51 -05:00
sinn3r c68a775106 Fix EDB references 2012-04-19 23:53:32 -05:00