3cd287ddd6
Update the MS17-010 scanner to use dcerpc_getarch
2017-12-14 02:08:30 -06:00
8e4b007edc
Move verify_arch to dcerpc_getarch
...
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
c6a2ae2551
Land #9248 , Add wd_mycloud_multiupload_upload exploit
2017-12-13 18:51:02 -06:00
125a079fa9
add cve reference
2017-12-13 18:50:21 -06:00
d7ad443be1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master
2017-12-13 19:33:05 -05:00
c0a534140d
Land #9284 a regex dos for ua_parser_js npm module
2017-12-13 19:31:49 -05:00
deacebc46b
Land #9264 , Add private type when storing SSH password
...
Land #9264
2017-12-13 18:24:31 -06:00
dd5532c5de
Addressing Formatting Issues
...
There were several formatting and layout issues
that are fixed in this commit. Also changing
`RHOSTS` to `RHOST`.
2017-12-13 14:26:27 -06:00
b99663fb6c
Bring #9282 up to date with upstream-master
2017-12-13 13:16:30 -06:00
37514eec17
Land #9234 , Add exploit for ClickJacking vuln for pfSense
...
Land #9234
2017-12-12 14:56:21 -06:00
c7019e5aee
Only load files once
2017-12-12 14:54:49 -06:00
6149f51273
Land #9256 , Add aux module to discover WSDD enabled devices
...
Land #9256
2017-12-12 11:55:42 -06:00
b335cacfc1
Update wp_slideshowgallery_upload.rb
...
Variable on line 67 needs to be changed to "user" from "username" which was undefined and causing error during exploit execution.
[-] Exploit failed: NameError undefined local variable or method `username' for #<Msf::Modules::Mod6578706c6f69742f756e69782f7765626170702f77705f736c69646573686f7767616c6c6572795f75706c6f6164::MetasploitModule:0x0055c61ab093f8>
After changing the incorrect variable name from "username" to "user", the exploit completes.
2017-12-12 00:33:28 -05:00
d79b0ad981
Land #9286 , Advantech WebAccess webvrpcs BOF RCE
2017-12-12 00:25:56 -05:00
e7a2dd2e71
fixed email
2017-12-11 23:20:46 -06:00
26e2eb8f1a
Changed to good ranking
2017-12-11 23:14:36 -06:00
9a6c54840b
Minor tweak to use vprint...
2017-12-11 16:48:47 -06:00
2d23054a1f
Changes as per comments
...
A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.
2017-12-11 14:11:40 -06:00
f8977ed72c
added some fixes
2017-12-11 11:34:17 -06:00
e91830efe7
Add Dup Scout Enterprise login buffer overflow
2017-12-09 02:20:05 -06:00
34ef650b0d
fixed up msftidy, opps.
2017-12-07 17:03:39 -06:00
75a82b3fe7
Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-12-07 16:34:26 -06:00
5a81f8091d
change some options for somethinf for sensible
2017-12-07 14:44:36 -05:00
335cc13cab
remove option, advanced Message seems to break it.
2017-12-07 14:17:14 -05:00
7bdc99a153
Fix HANDLER + some default options!
2017-12-07 13:53:39 -05:00
306c5d20d9
Adding ua_parser_js ReDoS Module
...
"ua-parser-js" is an npm module for parsing browser
user-agent strings. Vulnerable version of this module
have a problematic regular expression that can be exploited
to cause the entire application processing thread to "pause"
as it tries to apply the regular expression to the input.
This is problematic for single-threaded application environments
such as nodejs. The end result is a denial of service
condition for vulnerable applications, where no further
requests can be processed.
2017-12-07 10:25:29 -06:00
09aa433fdc
Add MESSAGE field for "obfuscation"
2017-12-07 08:04:31 -05:00
8bb6a8f47c
Rename office_dde_delivery to office_dde_delivery.rb
2017-12-06 22:40:37 -05:00
9d11c60d88
Office DDE Payload Delivery
...
Generate / Inject existing RTF files with DDE Payloads!
2017-12-06 21:41:00 -05:00
adba277be0
axe errant spaces at EOL
2017-12-04 16:57:48 -08:00
69b01d26bb
Land #9226 , Microsoft Office OLE object memory corruption
2017-12-04 16:50:27 -08:00
19b37c7070
Land #9263 , drb_remote_codeexec fixes
...
See pull requests #7531 and #7749 for hysterical raisins.
2017-12-04 18:45:03 -06:00
b13f4e25e1
thanks for making this well-known
2017-12-04 18:32:31 -06:00
a27bb38d51
add authors
2017-12-04 18:25:18 -06:00
b96dac28d5
fix info segment
2017-12-04 16:42:41 -05:00
f83e9815dd
Land #9210 , Add a Polycom HDX RCE
2017-12-04 12:49:35 -06:00
7edab268f5
handle case-insensitive password, fix received
2017-12-04 12:47:40 -06:00
06334aa2bd
Update polycom_hdx_traceroute_exec.rb
2017-12-04 11:05:01 -05:00
942e44ceae
Added local copies of the static content
2017-12-02 10:14:14 +01:00
c788e4e540
Update office_ms17_11882.rb
2017-12-01 11:36:03 -05:00
7df46b33e8
disassembly ASM
2017-12-01 08:03:56 -05:00
1ced3994b0
Added more reference urls to wd_mycloud_multiupload_upload module.
2017-11-30 12:53:33 -06:00
b24f70c7c6
Update ssh_login.rb
...
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
c288dab338
fixup RHOST/RPORT expectations if only URI is set
2017-11-30 10:51:02 -06:00
d689b33d7e
more error handling, deal with user error
2017-11-30 08:31:13 -06:00
87e683c763
add back kill syscall for trap method
2017-11-30 08:12:15 -06:00
a0e0e1db15
allow manual targeting, handle errors better
2017-11-30 07:51:12 -06:00
eea72663b3
warn on method failure instead of error
2017-11-30 06:37:21 -06:00
9f12b794da
cleanup comments
2017-11-30 06:37:04 -06:00
5da34e8f2b
support RHOST/RPORT
2017-11-30 06:36:42 -06:00
William Vu
Brent Cook
h00die
Wei Chen
Nicholas Starke
securekomodo
Matthew Kienow
mr_me
Pearce Barry
Chris Higgins
Austin
William Webb
Yorick Koster
Zenofex
nromsdahl