705cf41858
Add firefox_xpi_bootstrapped_addon exploit
...
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
2012-04-10 13:39:54 +02:00
2de0c801d9
Add vulnerable version numbers to the description
2012-04-09 14:41:42 -06:00
246ebca940
added module for CVE-2012-0198
2012-04-09 20:45:27 +02:00
bef12478fc
Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor
2012-04-09 09:58:22 -05:00
037fbf655e
Standardize the print format for modules used by browser autopwn
2012-04-09 01:57:50 -06:00
3ca440089e
Add checks for .NET requisites
...
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
a6b106e867
Remove autopwn support for enjoysapgui_comp_download
...
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00
409ba3139b
Add bap checks for blackice exploit
2012-04-09 00:50:04 -06:00
5fefb47b7f
Some cosmetic changes
2012-04-09 01:43:20 -05:00
95dbb8a818
Merge branch 'snort-dce-rpc' of https://github.com/carmaa/metasploit-framework into carmaa-snort-dce-rpc
2012-04-09 00:17:44 -05:00
da1cb2b81d
ActiveX controls require IE
2012-04-08 22:07:09 -06:00
ce0de02a2a
Modified for 8-space tabs
2012-04-08 16:09:28 -04:00
89c1894e07
Minor formatting changes, tabs etc. and comments for clarity
2012-04-08 15:45:23 -04:00
51bdfe14fd
2012, not 2011, oops
2012-04-08 13:21:37 -05:00
24478e9eb5
Add Dolibarr ERP & CRM Command Injection Exploit
2012-04-08 13:20:22 -05:00
05eba0ab4c
Cosmetic changes, mostly :-)
2012-04-07 14:47:23 -05:00
938d5d0a75
added references for cve-2012-1196
2012-04-07 20:22:59 +02:00
ee7bce5995
deletion of the ASP script
2012-04-07 20:19:45 +02:00
8761d39190
exploit module added for CVE-2012-1195
2012-04-07 19:04:17 +02:00
b2e0acd92a
Tidied up the exploit
2012-04-06 20:41:54 -04:00
4e955e5870
replace spaces with tabs
2012-04-06 10:45:10 -05:00
67e6c7b850
tomcat_mgr_deploy may report successful creds
...
Using following code for 'check' as 'exploit':
report_auth_info(
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'],
:pass => datastore['BasicAuthPass'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
Resulting in:
Credentials
===========
host port user pass type active?
---- ---- ---- ---- ---- -------
192.168.x.xxx 8080 tomcat s3cret password true
2012-04-06 10:45:10 -05:00
56b10d4d23
Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof
2012-04-06 02:28:26 -05:00
68c81e3ae0
Add OSVDB-80661 TRENDnet SecurView ActiveX BoF
2012-04-06 02:26:04 -05:00
b184a6dc5c
Exploit for Snort CVE-2006-5276 on Windows
2012-04-05 19:46:56 -04:00
14e3cd75dc
Revert "tomcat_mgr_deploy may report successful creds"
...
This reverts commit 937f8f035a
2012-04-05 16:17:06 -05:00
5c6856539e
.idea dir deleted
2012-04-05 22:46:43 +02:00
955de5a68c
comment fixed
2012-04-05 22:46:13 +02:00
c5f73d3d7a
added module for CVE-2012-0270_csound_getnum_bof
2012-04-05 22:35:42 +02:00
eb39b5f6aa
Msftidy on netop
2012-04-05 10:33:57 -05:00
8628991b1d
Merge pull request #305 from jlee-r7/bap-refactor
...
Bap refactor
2012-04-05 08:02:43 -07:00
937f8f035a
tomcat_mgr_deploy may report successful creds
2012-04-05 11:09:56 +02:00
974d95b175
Both of these are obsoleted by java_atomicreferencearray
2012-04-03 18:23:42 -06:00
c79060915a
Add Chap0's netop exploit
2012-04-03 11:51:58 -05:00
48d6157d6e
New NetOp Guest msf module http://www.netop.com/
2012-04-02 16:53:51 -07:00
bd5f43c918
Add another good reference by @mihi42
2012-04-01 01:30:50 -05:00
bab4cddd83
Add Jeroen Frijters for finding/reporting the bug
2012-03-31 03:01:09 -05:00
cc54a260f5
Merge remote branch 'upstream/master'
2012-03-30 14:31:12 -06:00
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
ae21c05e69
add osvdb ref
2012-03-30 07:26:07 -05:00
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
f069a32223
Merge pull request #288 from wchen-r7/cve_2012_0507
...
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
5248ec87b5
Fixing EDB reference
2012-03-27 16:49:47 -05:00
e2606764cb
forgot to add renamed module
2012-03-25 09:08:38 -07:00
7ea37253a0
modifications recommended by sinn3r
2012-03-25 09:04:35 -07:00
d8ddb19b56
cve-2008-0610 windows exploit module
2012-03-25 00:14:19 -07:00
e1783acd6f
Adding newline to end of ricoh_dl_bof.rb
2012-03-23 16:31:11 -05:00
2bcf259301
Setting correct LFs on freepbx_callmenum.rb
2012-03-23 16:29:42 -05:00
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
fbfd308d79
This actually shouldn't go it now because it's still being code reviewed
2012-03-23 15:32:24 -05:00
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
fef1e31e2a
Merge branch 'olliwolli-3cdaemonsp3'
2012-03-23 08:52:19 -05:00
e30623a2c9
Merge pull request #264 from wchen-r7/ricoh_dc_exploit
...
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-23 06:45:02 -07:00
20f0a58c6a
Minor fixes
2012-03-23 08:23:30 -05:00
30a3d8bb96
Add Windows SP3 to targets.
2012-03-23 13:52:18 +01:00
17a044db89
Print the full URI
...
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
6625d97599
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-22 15:30:00 -05:00
0a24c354db
Update ms10-002 with dyphens
2012-03-21 19:19:20 -05:00
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
2c16eb29b6
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free exploit
2012-03-21 16:11:26 -05:00
23c9c51014
Fixing CVE format on sit_file_upload.
2012-03-21 09:59:20 -05:00
da963fc8b2
Adding OSVDB for dell_webcam_crazytalk.rb
2012-03-20 07:52:50 -05:00
e325469f6e
Grammar fix for dell_webcam_crazytalk module
2012-03-20 07:43:02 -05:00
f4dac59894
Add Dell Webcam CrazyTalk component BackImage overflow exploit
2012-03-20 03:46:37 -05:00
cdd7a16603
Apply egypt's fix for "\n"
2012-03-19 10:19:10 -05:00
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
5250b179c8
Add CVE and OSVDB ref
2012-03-15 04:40:27 -05:00
ecb1fda682
Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow
2012-03-14 05:13:22 -05:00
1cf25e58d5
merge description change
2012-03-12 17:22:01 -05:00
7d95132eab
Use a cleaner way to calculate JRE ROP's NEG value
2012-03-11 17:27:47 -05:00
6c19466de8
Change output style
2012-03-11 13:59:18 -05:00
25a1552fbd
Dynamic VirtualProtect dwSize. Change output style.
2012-03-11 13:49:46 -05:00
b0e7c048c9
This module fits the GoodRanking description
2012-03-10 00:50:41 -06:00
1d5bad469c
Add Windows 7 SP1 target
2012-03-10 00:11:25 -06:00
1ae779157d
Disable Nops so we don't get an ugly crash after getting a shell
2012-03-08 18:56:58 -06:00
1e4d4a5ba0
Removing EncoderType from flash module
...
Also not very useful
2012-03-08 16:57:41 -06:00
302a42a495
Fixing up print statements
...
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
1396fc19bd
Fixup bad merge on flash mp4
2012-03-08 16:52:53 -06:00
cb04e47304
Attempt #2 : there's no cli in get_payload
2012-03-08 16:47:49 -06:00
3563fe1b36
The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload.
2012-03-08 16:41:32 -06:00
fee2e1eff9
Minor spray size change
2012-03-08 16:19:51 -06:00
12395c719f
Remove debugging code
2012-03-08 16:16:42 -06:00
87274987c1
Remove the now obsolete text about SWF_PLAYER
2012-03-08 16:16:13 -06:00
181fdb7365
A small title change
2012-03-08 16:10:16 -06:00
1271368b6f
Redirect to a trailing slash to make sure relative resources load
...
properly
2012-03-08 15:37:06 -06:00
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
eb847a3dfb
Add a nicer prefix to the target selection message
2012-03-08 13:46:14 -06:00
5b566b43b4
Catching an update from @hdmoore-r7
...
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
edb3f19c12
A little more padding for Win Vista target
2012-03-08 12:04:04 -06:00
18962e1180
Checking in the new Flash exploit to the release
...
Using the checkout master directly:
git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
86fc45810b
Remove the resource during cleanup
2012-03-07 23:04:53 -06:00
b4e0daf3ca
Small tweaks to the adobe mp4 exploit
2012-03-07 22:53:47 -06:00
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
9ece7b08fc
Add vendor's advisory as a reference
2012-03-08 00:46:34 -06:00
5f92bff697
Make sure no encoder will break the exploit again
2012-03-08 00:44:57 -06:00
2e94b97c82
Fix description
2012-03-07 23:59:51 -06:00
57376a976d
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
0550b77522
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 20:04:04 -06:00
3b4ed13aee
Fix typo
2012-03-07 20:03:46 -06:00
33460b6bf4
Fixups on the Adobe Flash exploit description
...
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
c76f43c066
Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow
2012-03-07 19:24:00 -06:00
f97dc8dee7
Fix spelling of the IBM product iSeries
...
Was I-Series.
2012-03-07 15:24:15 -06:00
7dfba9c00d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 14:51:39 -06:00
0ee7788028
Add a check to detect the vulnerable version of Sysax SSH
2012-03-07 14:51:21 -06:00
ba2bf194fd
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
2b9acb61ad
Clean up some incosistent verbosity
...
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
99177e9d5e
Small commit to fix bad reference and old comment
2012-03-06 01:44:26 -06:00
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
4b1e67f94f
Add ROP target for Win2k3 SP1 and SP2
2012-03-04 17:18:34 -06:00
8f93a5abbb
add osvdb ref
2012-03-03 12:28:30 -06:00
fa916d863d
Add Sysax SSH buffer overflow exploit
2012-03-03 10:11:51 -06:00
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
f1a6d8f535
Added exploit module for CVE-2008-5036
2012-03-01 23:06:40 +01:00
5a5e5eab95
Add msvcrt ROP target for IE8
2012-03-01 15:23:41 -06:00
2d802750e3
fix osvdb ref
2012-03-01 08:07:11 -06:00
256fee3626
add osvdb ref
2012-03-01 08:06:53 -06:00
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
74cdb5dabc
It's a two-space tab, not one space. OMG.
2012-02-29 10:13:29 -06:00
986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
ef4cdb516d
add osvdb ref
2012-02-26 07:13:13 -06:00
7281a0ebdd
Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul)
2012-02-24 12:06:47 -06:00
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
4ee1f989a6
Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework
2012-02-22 19:40:56 -06:00
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
1b7fffbf8a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-05 07:30:08 -06:00
ed34fd70fd
Modified (and tested) to work on Lion 10.7.2 and 10.7.3
2012-02-03 12:39:22 +02:00
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
c3bd151197
add a ranking
2012-01-31 20:43:32 -06:00
47c7f47f4e
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-31 20:38:30 -06:00
d9ee43d3dc
add disclosure date
2012-01-31 20:38:05 -06:00
a814a9dce7
add disclosure date
2012-01-31 20:35:58 -06:00
0ba7557865
Fix typo in seattlelab_pass.rb exploit.
...
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
e392958d90
add osvdb ref
2012-01-31 07:06:33 -06:00
bfd4734cbf
Forgot to add CMD as a datastore option, here it is
2012-01-30 17:34:58 -06:00
08134ad600
Add Exploit-DB reference
2012-01-30 16:17:25 -06:00
f3c340a9ab
Add vBSEO proc_deutf() Remote Code Execution (Feature #6307 )
2012-01-30 16:15:27 -06:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
3952a06292
Minor changes
2012-01-26 11:35:43 -06:00
1af6740b24
Initial checking of hp_magentservice module
2012-01-25 13:04:30 -05:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
9e5d2ff60e
Improve URI, plus some other minor changes.
2012-01-19 13:26:25 -06:00
ca51492079
Merge branch 'master' of https://github.com/joernchen/metasploit-framework into joernchen-master
2012-01-19 13:17:06 -06:00
292332d355
Add some error handling for tns_version method
2012-01-19 13:03:19 -06:00
2199cd18d7
fine tuning thx to sinn3r
2012-01-19 19:50:30 +01:00
df9380500a
disclosure date added
2012-01-19 19:19:53 +01:00
8ce47ab832
Changing license for KillBill module
...
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
d6e8f0b54d
Add Felipe as an author (plus a reference) because looks like the PoC originally came from him.
2012-01-18 13:33:27 -06:00
064a71fb1d
Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245 )
2012-01-18 12:05:18 -06:00
e4ed3c968d
Add OSVDB and BID references
2012-01-17 18:16:47 -06:00
75f543f3eb
Hilarious, I forgot to change the disclosure date.
2012-01-17 18:11:18 -06:00
2e8122dc88
Better MSF style compliance
2012-01-17 14:54:50 -06:00
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
eb5641820f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-16 19:56:10 -06:00
618097ba3d
Whitespace and keyword cleanup
2012-01-16 19:55:27 -06:00
c15e7da0b8
Add ZDI-12-012 McAfee SaaS ShowReport code execution
2012-01-16 18:44:11 -06:00
4689421201
Correct variable naming style
2012-01-16 16:03:48 -06:00
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
...
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
500cfa6dd1
Removing telnet_encrypt_keyid_bruteforce.rb to unstable
...
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
...
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
90eb2b9a75
Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202 )
2012-01-09 19:35:06 -06:00
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
5d359785ae
Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6
2012-01-09 12:10:25 +02:00
03a39f7fe8
Whitespace cleanup, also change print_status usage when verbose
2012-01-09 02:21:39 -06:00
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
9cf2af6a94
Adds exploit/windows/htt/xampp_webdav_upload_php
...
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.
Fixes #2170
2012-01-06 12:00:14 -08:00
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
8315709fb6
Correct typo and set the disclosure date
2012-01-04 19:46:56 -06:00
8cced0a91e
Add CVE-2011-2462 Adobe Reader U3D exploit
2012-01-04 03:49:49 -06:00
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
7bfdc9eff4
add osvdb ref
2012-01-01 09:10:10 -06:00
d9db03dba6
Add CoCSoft StreamDown buffer overflow (Feature #6168 ; no CVE or OSVDB ref)
2011-12-30 10:16:29 -06:00
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
a330a5c63a
Add e-mail for Brandon
2011-12-29 10:53:39 -06:00
778d396bc6
add osvdb ref
2011-12-29 07:54:15 -06:00
6d72dbb609
add osvdb ref
2011-12-29 07:54:01 -06:00
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
Michael Schierl
James Lee
juan
sinn3r
Carsten Maartmann-Moe
andurin
Tod Beardsley
sinn3r
chap0
Steve Tornio
Tod Beardsley
Kurtis Miller
Oliver-Tobias Ripka
Jonathan Cran
HD Moore
Joshua J. Drake
Patroklos Argyroudis
Oliver-Tobias Ripka
Christopher McBee
joernchen of Phenoelit
root
root
Sam Sharps
David Maloney
sam