7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
8f355554c8
Update missing CVE reference
2012-06-26 01:21:24 -05:00
0d7b6d4053
Update missing CVE reference
2012-06-26 01:20:28 -05:00
c7935e0e99
Update OSVDB reference
2012-06-26 01:18:25 -05:00
9980c8f416
Add rh0's analysis
2012-06-25 21:32:45 -05:00
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
a93eeca68d
msxml_get_definition_code_exec: added support for ie9
2012-06-20 00:17:50 +02:00
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
2df237b066
minor fixes
2012-06-18 22:44:17 +02:00
10bd72f3a1
Merge pull request #500 from modpr0be/module-ezserver
...
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
d706199a83
fix all changes suggested by jvazquez-r7
2012-06-19 02:05:25 +07:00
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
a8a4594cd4
Documenting esi alignment plus using target_uri.to_s
2012-06-16 09:26:22 +02:00
424948a358
Fix title
2012-06-16 01:48:00 -05:00
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
80a0b4767a
add osvdb ref
2012-06-15 09:02:31 -05:00
1d121071f3
Prepend nops to raw payload in encoder if needed
2012-06-15 09:59:10 +02:00
80d46580ec
One last minor change for metadata format
2012-06-14 21:48:24 -05:00
82799f2601
Some final touchup
...
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
75a67d7160
Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer
2012-06-14 21:14:29 -05:00
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
fb67fe9161
Merge branch 'mrmee-cmdsnd_ftp_exploit'
2012-06-14 14:19:56 -05:00
cde3c48765
Change title
2012-06-14 14:18:30 -05:00
b107025860
Correct typo. Also make use of random junks.
2012-06-14 14:17:57 -05:00
8e06babbba
Make msftidy happy
2012-06-14 14:16:07 -05:00
66e92d0200
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-14 12:17:29 -05:00
c1685c44c3
Fix disclosure date
2012-06-14 10:03:49 -05:00
1cdf964719
A little change to the description
2012-06-14 10:03:15 -05:00
48ee81de29
Add CVE-2012-2915
2012-06-14 09:56:01 -05:00
940f904dee
Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy.
2012-06-14 12:10:03 +09:30
a5fca47f56
updated windows XP SP3 pivot offset, please retest this
2012-06-14 10:31:17 +10:00
7dc19bba16
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-13 14:55:44 -05:00
15b674dab3
Language on MS12-005
2012-06-13 14:22:20 -05:00
99b9261294
Caps in title
2012-06-13 14:19:04 -05:00
559683f2a1
Fixing CRLFs on winlog_runtime_2
2012-06-13 13:59:39 -05:00
3cf4f7ab44
Fixing indents on msadc module
2012-06-13 13:59:38 -05:00
42ee2b5c02
Add alienvault.com reference
2012-06-13 12:19:51 -05:00
6abb7bb987
Added module for CVE-2012-1875 as exploited in the wild
2012-06-13 18:33:26 +02:00
209d6d20d1
comsnd ftp remote format string overflow exploit
2012-06-14 02:22:31 +10:00
1fbe5742bd
Axe some copy-pasta
2012-06-12 23:58:20 -06:00
9f78a9e18e
Port ms10-092 to the new Exploit::Local format
2012-06-12 23:58:20 -06:00
9756f87517
Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module
2012-06-13 13:50:12 +09:30
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
efcb206cdf
Correct a typo
2012-06-10 14:38:14 -05:00
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
3726ddddac
Software name correction thanks to modpr0be
2012-06-08 07:07:19 -05:00
41d49ed553
Another badchar analysis. Allow shorter delay (5sec to 1)
2012-06-08 01:59:09 -05:00
e5b451c000
Too many tabs for the beginning of the description
2012-06-07 23:08:11 -05:00
520c0ca660
Make msftidy happy
2012-06-07 23:07:39 -05:00
61f5eddf47
Move winlog file
2012-06-07 23:03:30 -05:00
9adec7e7e7
Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14
2012-06-07 23:02:23 -05:00
1eb73dec38
Merge branch 'aushack-master'
2012-06-07 12:17:49 -05:00
42795fec00
Get rid of some whitespace
2012-06-07 12:17:25 -05:00
bd714017bb
samsung_neti_wiewer: add Space property for Payload
2012-06-07 16:00:36 +02:00
0e20d324b8
Added ms02_065_msadc exploit module.
2012-06-07 21:02:13 +10:00
2f3b1effb9
Added module for OSVDB 81453
2012-06-07 12:47:09 +02:00
28fe4c0be5
What's this break stuff?
...
"break" should be "return"
2012-06-06 11:21:35 -05:00
a54b14b192
Remove whitespace
2012-06-06 11:21:34 -05:00
c36ab97d41
Updated msadc exploit with fixes.
2012-06-06 11:21:34 -05:00
f25b828d31
Added exploit module msadc.rb
2012-06-06 11:21:34 -05:00
f4f023cbfb
add BID
2012-06-06 09:44:16 +02:00
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
f438e6c121
Remove the 'Rop' key because we don't really use it
2012-06-05 16:07:23 -05:00
f9651be88e
Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32
2012-06-05 15:44:13 -05:00
a30f104ee6
Fix space on Authors
2012-06-05 18:23:57 +02:00
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
95d949e860
sleep and at
2012-06-05 18:08:46 +02:00
dc6b2f4205
merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb
2012-06-05 04:14:40 -07:00
d9c39d3798
Fix the rest of nil res from get_once
2012-06-04 17:26:15 -05:00
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
0acbd99e71
targets
2012-06-04 20:08:58 +02:00
08ff6c72b1
winlog_lite_2.07.14 initial commit
2012-06-04 17:24:01 +02:00
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
ced5b9916e
Whitespace fix for script-fu module
...
This is really just to check the GitHub IRC bot thinger.
2012-06-01 12:24:52 -05:00
353d49d05b
Modify the description
2012-06-01 12:04:46 -05:00
abbd8c8cd5
Added module for CVE-2012-2763
2012-06-01 18:53:25 +02:00
4681ed1c1e
Whitespace, thanks msftidy.rb!
2012-05-31 18:18:27 -06:00
c463bd7c6d
Fixing description for citrix module
2012-05-31 16:37:35 -05:00
17e41b2e39
Fixing description for citrix module
2012-05-31 16:36:21 -05:00
a0b491355c
Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer
...
Added module for Citrix Provisioning Services 5.6 SP1
2012-05-31 14:35:22 -07:00
02a41afb2b
Fixing description for juan's Citrix module
2012-05-31 16:34:13 -05:00
00bb216927
Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request
...
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
2012-05-31 14:33:20 -07:00
47c5745673
Fixed name module
2012-05-31 23:23:11 +02:00
e324ed5251
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
2012-05-31 23:21:43 +02:00
1c11b1b1b7
Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow
2012-05-31 23:17:38 +02:00
b5f5804d94
description updated
2012-05-31 23:14:25 +02:00
198070361b
Added module for ZDI-12-010
2012-05-31 22:45:55 +02:00
7e6c2f340e
Minor updates; added BID, fixed grammar
...
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
065d3187d3
Added module for OSVDB 74604
2012-05-29 21:10:51 +02:00
db5b3c8259
Added module for OSVDB 82000
2012-05-28 08:51:36 +02:00
18c8314d79
Change unknown authors to "Unknown".
...
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion. In order to clarify, we correct unknown
authors to simply "Unknown".
2012-05-26 15:23:09 -05:00
8f537653b4
Merge pull request #420 from wchen-r7/quickshare
...
Add OSVDB-70776 - QuickShare File Share
2012-05-26 01:04:21 -07:00
0b86ceb528
Add OSVDB-70776
2012-05-26 03:00:32 -05:00
7b0fbaed23
Merge pull request #417 from wchen-r7/rabidhamster
...
Add OSVDB-79007 - RabidHamster R4 Log Entry BoF
2012-05-25 01:11:17 -07:00
d595f908fc
Add OSVDB-79007
2012-05-25 03:06:28 -05:00
f7224ab306
flexnet_lmgrd_bof rand_text fix
2012-05-24 18:02:25 +02:00
5004515187
Resolved conflicts merging back from release
...
Merge branch 'release'
Conflicts:
lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
modules/exploits/windows/license/flexnet_lmgrd_bof.rb
2012-05-24 00:27:41 -05:00
0b7b71e240
Correct run-on sentence
2012-05-23 10:27:23 -05:00
94f114b69a
Fix typos
2012-05-23 10:22:52 -05:00
7a4f1a111b
Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof
2012-05-23 10:20:16 -05:00
287d68f304
added module for CVE-2008-0320
2012-05-23 17:14:11 +02:00
a37e98f159
Updating release from master.
2012-05-22 14:12:08 -05:00
c4b64a51f7
Added reference to vendor advisory
2012-05-22 13:22:26 -05:00
c823e8099e
randomization when possible for flexnet_lmgrd_bof
2012-05-22 08:32:10 +02:00
cafe803217
Fix typos
2012-05-21 16:32:33 -05:00
72b1f113ce
Added module for ZDI-12-052
2012-05-21 16:32:33 -05:00
675dfe4e14
Don't keep the weblogi return codes secret
2012-05-21 11:27:24 -05:00
1fc7597a56
Msftidy fixes.
...
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
2012-05-21 10:59:52 -05:00
822e109b1f
Merge pull request #398 from wchen-r7/foxit_reader_launch
...
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
f9bcb95952
Correct EDB references
2012-05-19 02:24:29 -05:00
e4f80a1fab
Francisco is the the one who found it according to advisory
2012-05-18 17:12:52 -05:00
41aac751e9
Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
...
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
bedf010676
description modified
2012-05-18 01:23:09 +02:00
e7f5bf132c
trying to improve bea weblogic connector bof
2012-05-18 01:13:56 +02:00
c0d17734ed
Improve run-on sentences.
2012-05-17 15:00:00 -05:00
32a0596a03
Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof
2012-05-17 14:52:10 -05:00
c4ab521d7b
better tab indentation
2012-05-17 21:41:31 +02:00
0b35ab6a75
If the target isn't support, make sure we warn the user
2012-05-17 12:34:17 -05:00
a21e832336
fingerprinting bea connector with Transfer-Encoding
2012-05-17 19:21:16 +02:00
952ada1742
Fix broken target (variable naming)
2012-05-17 11:37:49 -05:00
9a5e4d6500
Added target BEA Weblogic 8.1 SP4
2012-05-17 11:07:22 +02:00
445bd90afb
Added module for CVE-2008-3257
2012-05-17 10:28:18 +02:00
b89e77c842
Add Spanish dir path. Thanks Miguel
2012-05-15 19:27:48 -05:00
f5698f4bdc
Msftidy on mozilla_attribchildremoved.rb
...
was executable, had bad spacing.
2012-05-15 15:45:07 -05:00
82885cc6e5
Fixing author tags
...
Ensuring a space between name and email.
2012-05-15 15:45:07 -05:00
898398fd54
Fixing author tags
...
Ensuring a space between name and email.
2012-05-15 15:43:53 -05:00
9b3f602910
Msftidy on mozilla_attribchildremoved.rb
...
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
d54a228f65
Correct version number
2012-05-15 01:16:41 -05:00
7690e86a89
add osvdb ref
2012-05-14 07:14:10 -05:00
bcfa96ced8
add osvdb ref
2012-05-14 07:13:49 -05:00
d2c26f989c
Cleanup whitespace
2012-05-13 04:42:22 -05:00
c1fbf1f931
Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved
2012-05-13 04:37:49 -05:00
dd42c3096e
added exploit for Firefox 8&9 AttributeChildRemoved UAF
2012-05-13 11:31:46 +02:00
5d8fbefc3d
Merge pull request #378 from wchen-r7/distinct
...
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
653d7e5923
Add OSVDB-80984
2012-05-11 15:07:31 -05:00
7eabce8872
Add comment for PrependEncoder
2012-05-10 12:18:50 -05:00
65800f7c6e
Whitespace on solarwinds
2012-05-09 12:47:22 -05:00
ce16ab662c
Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable.
2012-05-08 00:22:19 -05:00
22585ad935
Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit
2012-05-08 00:00:03 -05:00
b8227b8a2e
Firefox Exploit
2012-05-07 19:41:03 -07:00
f6c88377f4
Fixes #362 by changing the exitfunction arguments to be the correct type
2012-05-07 02:41:08 -05:00
ba4ae384d7
add osvdb ref
2012-05-05 10:14:07 -05:00
d5d35551ab
Add EDB reference
2012-05-04 00:11:29 -05:00
25b11a02b5
Update the comment for check()
2012-05-03 20:37:36 -05:00
4bf674ece6
Pff, and of course, I had to make a typo on that one
2012-05-03 20:34:52 -05:00
1a4d3f849c
A little change to the description
2012-05-03 20:33:28 -05:00
7ca69f00b0
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
2012-05-03 20:24:42 -05:00
3e72f555ae
Forgot... I don't need to print the client's IP manually anymore
2012-05-01 12:56:03 -05:00
3099236059
We no longer have to print the client's IP, because it's now a built-in feature.
2012-05-01 12:47:55 -05:00
01b0d85526
module for cve-2012-1775 added
2012-05-01 16:39:30 +02:00
5fec29e6b7
Add McAfee Virtual Technician ActiveX MVTControl vulnerability
2012-04-30 16:23:52 -05:00
fd2e4c12a2
Fix possible "can't convert Fixnum into String" error
2012-04-30 13:49:53 -05:00
cc76438a75
Merge branch 'jlee-r7-http-print-standardization'
2012-04-25 15:38:46 -05:00
711fb73048
Fix more print_*
2012-04-25 15:01:50 -05:00
9189dea4e4
Merge branch 'http-print-standardization' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-http-print-standardization
2012-04-25 13:53:30 -05:00
9c9b74cae2
Small change with the description
2012-04-24 15:47:31 -05:00
ecd7762df9
Merge branch 'shadow-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-shadow-exploit-module
2012-04-24 15:30:09 -05:00
sinn3r
Tod Beardsley
HD Moore
Steve Tornio
jvazquez-r7
m-1-k-3
James Lee
Steven Seeley
Juan Vazquez
modpr0be
bcoles
Patrick Webster
0a2940
Christian Mehlmauer
sinn3r
Jeff Jarmoc
Peter Van Eeckhoutte (corelanc0d3r)
lincoln-corelan
juan