Sam Sharps
|
b26ed37467
|
Added description, urls, and another author
|
2012-01-06 00:47:01 -06:00 |
Sam Sharps
|
5c05cebaf7
|
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
|
2012-01-06 00:16:45 -06:00 |
sam
|
f3a9bc2dad
|
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
|
2012-01-06 00:12:28 -06:00 |
HD Moore
|
8315709fb6
|
Correct typo and set the disclosure date
|
2012-01-04 19:46:56 -06:00 |
sinn3r
|
8cced0a91e
|
Add CVE-2011-2462 Adobe Reader U3D exploit
|
2012-01-04 03:49:49 -06:00 |
Joshua J. Drake
|
958ffe6e1d
|
Fix stack trace from unknown agents
|
2012-01-02 03:41:49 -06:00 |
Steve Tornio
|
7bfdc9eff4
|
add osvdb ref
|
2012-01-01 09:10:10 -06:00 |
sinn3r
|
d9db03dba6
|
Add CoCSoft StreamDown buffer overflow (Feature #6168; no CVE or OSVDB ref)
|
2011-12-30 10:16:29 -06:00 |
sinn3r
|
b202c29153
|
Correct e-mail format
|
2011-12-29 11:27:10 -06:00 |
sinn3r
|
d484e18300
|
Add e-mail for tecr0c
|
2011-12-29 11:14:15 -06:00 |
sinn3r
|
9972f42953
|
Add e-mail for mr_me for consistency
|
2011-12-29 11:01:38 -06:00 |
sinn3r
|
b5b2c57b9f
|
Correct e-mail format
|
2011-12-29 10:57:00 -06:00 |
sinn3r
|
a330a5c63a
|
Add e-mail for Brandon
|
2011-12-29 10:53:39 -06:00 |
Steve Tornio
|
778d396bc6
|
add osvdb ref
|
2011-12-29 07:54:15 -06:00 |
Steve Tornio
|
6d72dbb609
|
add osvdb ref
|
2011-12-29 07:54:01 -06:00 |
Steve Tornio
|
a00dad32fe
|
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
|
2011-12-29 07:50:33 -06:00 |
Steve Tornio
|
27d1601028
|
add osvdb ref
|
2011-12-29 07:49:16 -06:00 |
Tod Beardsley
|
0e3370f1fe
|
Grammar and spelling on splunk and oracle exploits
|
2011-12-28 13:42:56 -06:00 |
HD Moore
|
5dc647a125
|
Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same
packages)
|
2011-12-28 02:02:03 -06:00 |
HD Moore
|
5d67bd2a5e
|
Phew. Exhaustive test of all i386 FreeBSD versions complete
|
2011-12-28 01:38:55 -06:00 |
HD Moore
|
1ff0cb2eef
|
More testing - looks like 5.5 is not exploitable, at least not the same
way
|
2011-12-28 01:30:25 -06:00 |
HD Moore
|
e071944a1a
|
Allow ff in payloads but double them back up
|
2011-12-28 00:04:24 -06:00 |
HD Moore
|
edb9843ef9
|
Add Linux exploit with one sample target (Whitebox Linux 3)
|
2011-12-28 00:00:10 -06:00 |
HD Moore
|
79103074cb
|
Add credit for Dan's advice
|
2011-12-27 23:39:02 -06:00 |
HD Moore
|
f9224d6010
|
Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba
Estebanez's code, mostly written by Brandon Perry, exploit method (jmp
edx) by Dan Rosenberg, and general mangling/targets by hdm.
|
2011-12-27 23:37:30 -06:00 |
sinn3r
|
101eba6aa5
|
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151)
|
2011-12-27 00:59:26 -06:00 |
Steve Tornio
|
4215ef3ae1
|
add osvdb ref
|
2011-12-24 06:54:39 -06:00 |
steponequit
|
69570dada6
|
Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit
|
2011-12-23 16:28:36 -06:00 |
steponequit
|
84c6739921
|
added initial opentftp 1.4 windows exploit
|
2011-12-23 11:27:11 -06:00 |
sinn3r
|
41697440c7
|
Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079
|
2011-12-23 01:22:39 -06:00 |
sinn3r
|
b5b24a1fbf
|
Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
|
2011-12-22 13:16:54 -06:00 |
sinn3r
|
262fe75e0a
|
Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129)
|
2011-12-22 13:04:37 -06:00 |
sinn3r
|
baaa1f6c82
|
Add US-Cert references to all these SCADA modules. The refers are based on this list:
http://www.scadahacker.com/resources/msf-scada.html
|
2011-12-20 14:07:29 -06:00 |
sinn3r
|
b58097a2a7
|
Remove junk() because it's never used
|
2011-12-17 01:28:07 -06:00 |
sinn3r
|
fae80f8d49
|
typo
|
2011-12-16 11:10:46 -06:00 |
Steve Tornio
|
1712f2aa22
|
add osvdb ref
|
2011-12-14 07:23:11 -06:00 |
Steve Tornio
|
85caabbf5d
|
add osvdb ref
|
2011-12-14 07:19:34 -06:00 |
HD Moore
|
86b3409d47
|
Actually return
|
2011-12-13 20:01:13 -06:00 |
HD Moore
|
cb456337a0
|
Handle invalid http responses better, see #6113
|
2011-12-13 19:54:10 -06:00 |
sinn3r
|
fea4bfb85c
|
Repair dead milw0rm link to exploit-db
|
2011-12-13 16:13:53 -06:00 |
sinn3r
|
c1a4c4e584
|
Repair dead milw0rm link to exploit-db
|
2011-12-13 16:13:34 -06:00 |
sinn3r
|
acef9de711
|
Repair dead milw0rm link to exploit-db
|
2011-12-13 16:13:15 -06:00 |
sinn3r
|
e7ab48693c
|
Repair dead milw0rm link to exploit-db
|
2011-12-13 16:12:57 -06:00 |
sinn3r
|
94b736c76c
|
Repair dead milw0rm link to exploit-db
|
2011-12-13 16:12:38 -06:00 |
sinn3r
|
97b74101fb
|
Repair dead milw0rm link to exploit-db
|
2011-12-13 16:12:11 -06:00 |
sinn3r
|
d246bfa4da
|
Credit Luigi Auriemma for the original discovery/poc, not Celil
|
2011-12-13 15:20:26 -06:00 |
sinn3r
|
d87d8d5799
|
Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103)
|
2011-12-13 11:45:24 -06:00 |
Tod Beardsley
|
a8fad72fce
|
Merge branch 'msftidy_fixup'
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
|
2011-12-12 17:55:21 -06:00 |
Tod Beardsley
|
f402b8598b
|
Whitespace and File.open binary mode cleanups.
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
|
2011-12-12 17:31:28 -06:00 |
sinn3r
|
32c8301c19
|
Add feature #6082 (Traq 2.3 Auth bypass remote code execution)
|
2011-12-12 15:45:19 -06:00 |
sinn3r
|
bacdbb90d7
|
ugh, stack overflow != stack buffer overflow. Also, metadata format fix.
|
2011-12-12 15:23:32 -06:00 |
sinn3r
|
5af5137241
|
Add CoDeSys SCADA bof module (#6083)
|
2011-12-12 15:21:15 -06:00 |
HD Moore
|
4736cb1cbe
|
Merge pull request #48 from swtornio/master
add osvdb ref
|
2011-12-11 20:37:43 -08:00 |
HD Moore
|
1ae12e3a23
|
Remove the default target, since module doesn't fingerprint the service
pack, this can only end in tears.
|
2011-12-10 13:31:05 -06:00 |
Steve Tornio
|
b521602d82
|
add osvdb ref
|
2011-12-10 07:49:50 -06:00 |
sinn3r
|
e043fb52c2
|
Incrase timeout
|
2011-12-08 11:21:03 -06:00 |
sinn3r
|
5afba20c21
|
Merge pull request #43 from jduck/master
Clear up how to use native payloads for tomcat_mgr_deploy
|
2011-12-06 23:01:53 -08:00 |
sinn3r
|
0e2101e4c1
|
Correct author name
|
2011-12-07 00:24:16 -06:00 |
sinn3r
|
edec6b98ee
|
Add feature #6067 Family Connections CMS 2.7.1 exploit
|
2011-12-07 00:00:56 -06:00 |
sinn3r
|
92c1065508
|
Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-)
|
2011-12-06 18:52:42 -06:00 |
Joshua J. Drake
|
ac7edc268a
|
Add some more clear documentation for selecting payloads for this module.
|
2011-12-05 00:35:11 -06:00 |
sinn3r
|
e524215b55
|
WTH, the date format is wrong
|
2011-12-04 15:23:31 -06:00 |
Steve Tornio
|
b75799d18d
|
=add osvdb ref
|
2011-12-02 16:50:42 -06:00 |
Steve Tornio
|
83f12c6fe0
|
=add osvdb ref
|
2011-12-02 16:46:01 -06:00 |
sinn3r
|
c8634390b7
|
Add CCMPlayer m3u exploit (Feature #6029)
|
2011-12-02 16:27:59 -06:00 |
sinn3r
|
f4b755c319
|
Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets
|
2011-12-02 15:00:39 -06:00 |
sinn3r
|
cd2bb027bf
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-12-02 14:54:53 -06:00 |
sinn3r
|
895a509bd3
|
Add Avid Media Composer 5.5 (Feature #6035)
|
2011-12-02 14:53:26 -06:00 |
Steve Tornio
|
2bb97791f7
|
Update OSVDF refs for servu module.
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.
Squashed commit of the following:
commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date: Fri Dec 2 07:44:28 2011 -0600
add osvdb ref
commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date: Wed Nov 30 08:15:20 2011 -0600
fixed in osvdb
[Closes #39]
|
2011-12-02 13:21:41 -05:00 |
David Maloney
|
57f12cb2d8
|
Merge branch 'servu_sploit'
|
2011-12-01 11:21:32 -08:00 |
sinn3r
|
93a419c76b
|
Having nothing on the webpage may probably confuse some novice users. But I do like stealth.
|
2011-12-01 03:02:35 -06:00 |
David Maloney
|
2858cae296
|
Some quick corrections to tidy things up
|
2011-11-29 19:57:08 -08:00 |
David Maloney
|
be88f483a3
|
More Accurate Vulnerability Check
|
2011-11-29 18:38:00 -08:00 |
David Maloney
|
0dda948265
|
New Exploit for the Serv-U FTP Buffer overflow
from CVE 2004-2111
|
2011-11-29 17:34:01 -08:00 |
sinn3r
|
f26f6da74b
|
Add CVE-2011-3544 (feature #6023) Java Rhino exploit
|
2011-11-29 18:05:20 -06:00 |
sinn3r
|
6f5d64f6de
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-29 03:31:15 -06:00 |
sinn3r
|
34a933d499
|
Feature #5610
|
2011-11-29 03:30:49 -06:00 |
Tod Beardsley
|
f503bd9488
|
Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.
|
2011-11-28 17:52:34 -06:00 |
Rob Fuller
|
c411c216c0
|
Solved most of msftidy issues with the /modules directory
|
2011-11-28 17:10:29 -06:00 |
David Maloney
|
4a22df4014
|
Fix to the axis2 Deployer exploit to add Default Target
|
2011-11-22 10:27:38 -08:00 |
David Maloney
|
30d1451159
|
Consolidation of the Axis2 Deployer Exploits
Fixes #5276
|
2011-11-22 08:47:53 -08:00 |
sinn3r
|
e11ca43c37
|
Add feature #5680
|
2011-11-21 12:39:45 -06:00 |
sinn3r
|
76846aa578
|
Add MS10-038 (CVE-2010-0822) exploit
|
2011-11-21 11:36:47 -06:00 |
sinn3r
|
28a079f308
|
Add credit to the appropriate researcher
|
2011-11-20 02:32:45 -06:00 |
sinn3r
|
95d639ccf7
|
Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8.
|
2011-11-20 01:44:52 -06:00 |
sinn3r
|
9c2fab0921
|
Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c
|
2011-11-19 20:40:04 -06:00 |
sinn3r
|
30f13984ea
|
Add wireshark console.lua exploit (CVE-2011-3360)
|
2011-11-18 21:24:48 -06:00 |
sinn3r
|
fea42dbdee
|
Add feature #5872
|
2011-11-16 12:26:54 -06:00 |
David Maloney
|
c8142043e9
|
Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
|
2011-11-14 22:50:52 -08:00 |
sinn3r
|
2536cf0308
|
Add feature #5779
|
2011-11-14 01:49:26 -06:00 |
HD Moore
|
4f177acf88
|
Merge pull request #9 from swtornio/master
Add osvdb ref
|
2011-11-12 11:35:24 -08:00 |
sinn3r
|
41d746a07a
|
Add Support Incident Tracker (Feature #5964) by Juan
|
2011-11-12 12:36:21 -06:00 |
Steve Tornio
|
a0c9297500
|
add osvdb ref
|
2011-11-12 06:01:41 -06:00 |
sinn3r
|
170c4f5451
|
Fix author email format
|
2011-11-12 01:53:25 -06:00 |
sinn3r
|
b8b8732d85
|
Correct disclosure date
|
2011-11-12 01:12:28 -06:00 |
sinn3r
|
ed5bae6441
|
oops, I don't need that extra comment
|
2011-11-12 01:04:00 -06:00 |
sinn3r
|
84c5268ab4
|
Add Aviosoft DTV exploit
|
2011-11-12 01:02:40 -06:00 |
Patrick Webster
|
f54b622ad3
|
Added BID ref for amlibweb module.
|
2011-11-11 12:04:40 +11:00 |
wchen-r7
|
c569ec4a33
|
Don't really need a revision # in source
|
2011-11-09 22:10:52 -06:00 |
Wei Chen
|
32bb3af298
|
Add feature #5946
|
2011-11-09 21:49:34 -06:00 |