David Maloney
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
jvazquez-r7
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
jvazquez-r7
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
jvazquez-r7
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
jvazquez-r7
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
jvazquez-r7
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
jvazquez-r7
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
jvazquez-r7
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
jvazquez-r7
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
jvazquez-r7
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
jvazquez-r7
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
sinn3r
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
jvazquez-r7
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
jvazquez-r7
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
jvazquez-r7
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
sinn3r
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
jvazquez-r7
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
Matt Andreko
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
Matt Andreko
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
Matt Andreko
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
Matt Andreko
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
sinn3r
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
sinn3r
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
jvazquez-r7
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
Steve Tornio
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
sinn3r
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
sinn3r
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
Matt Andreko
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
sinn3r
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
jvazquez-r7
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
HD Moore
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
sinn3r
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
jvazquez-r7
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
jvazquez-r7
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
jvazquez-r7
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
sinn3r
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
sinn3r
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
HD Moore
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
jvazquez-r7
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
HD Moore
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
Tod Beardsley
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
sinn3r
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00