Commit Graph

47469 Commits (b4792e08a468524b865bcae0ba737b0593796b72)

Author SHA1 Message Date
Wei Chen f02c05e530 This one is the same as cve_2018_8897_exe.rb 2018-07-12 22:09:44 -05:00
Metasploit 63fb0d744a
automatic module_metadata_base.json update 2018-07-12 20:08:32 -07:00
William Vu c9001699cd
Land #10027, Hadoop unauthed command execution 2018-07-12 21:58:49 -05:00
William Vu 50252c75d6 Clean up module
With a little rubocop -a.
2018-07-12 21:58:00 -05:00
Metasploit c62fc5e976
automatic module_metadata_base.json update 2018-07-12 17:13:23 -07:00
William Vu 2f37482535
Land #10278, gitlist_arg_injection fixes 2018-07-12 19:03:52 -05:00
Metasploit ab05c1a810
automatic module_metadata_base.json update 2018-07-12 16:35:55 -07:00
Wei Chen e613b2570a
Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 18:26:07 -05:00
William Vu 88bbc50104 Utilize uniq to make char array more readable
Hat tip @bcoles.
2018-07-12 17:59:12 -05:00
Metasploit e3be355c25
automatic module_metadata_base.json update 2018-07-12 15:59:01 -07:00
William Vu 3ab2f6a569
Land #10298, bug fix for #10219 2018-07-12 17:49:18 -05:00
bwatters-r7 cfcb77afd0
Rename to please msftidy 2018-07-12 17:41:06 -05:00
William Vu 3546286049 Add missed ARCH_CMD to top-level Arch array
It's not necessary because of targets, but it's required for printing.
2018-07-12 17:37:06 -05:00
asoto-r7 1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
bwatters-r7 156b822401
First stab at cve-2018-8897 2018-07-12 17:31:53 -05:00
h00die 6751d48564 A few aux module docs 2018-07-12 17:50:47 -04:00
Brendan Coles 4b62f41369 Add QNAP Q'Center change_passwd Command Execution exploit 2018-07-12 20:00:17 +00:00
William Vu 3dda19f3c6 Update documentation in cmd/unix/reverse_bash
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=146464
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/215034
2018-07-12 13:29:33 -05:00
William Vu 1f0535618d Document bareword string deprecation in php/base64 2018-07-12 13:29:33 -05:00
William Vu 378930e5f4 Prefer %w array over quoted array in php/base64
irb(main):001:0> ["(",")",".","_","c","h","r","e","v","a","l","b","s","6","4","d","o"] == %w{( ) . _ c h r e v a l b s 6 4 d o}
=> true
irb(main):002:0>
2018-07-12 13:29:33 -05:00
Metasploit 4114d5e8fa
Weekly dependency update 2018-07-12 10:05:32 -07:00
Brendan Coles 104e4cee2e
Merge branch 'master' into soundtrack_logo_module_refs 2018-07-13 03:01:33 +10:00
Brendan Coles 4df7853fd3
Merge pull request #7 from wvu-r7/pr/10283
Fuel the hype machine
2018-07-13 02:57:40 +10:00
William Vu 147f59836a Fuel the hype machine 2018-07-12 11:34:09 -05:00
Jacob Robles f30c4e0465
Land #10226, Add code randomization capabilities to Metasploit::Framework::Compiler 2018-07-12 11:20:04 -05:00
Metasploit a9728d1bf1
automatic module_metadata_base.json update 2018-07-12 09:14:02 -07:00
Brendan Coles 904de2dd09
Land #10238, Add ManageEngine Exchange Reporter Plus RCE exploit 2018-07-12 16:07:32 +00:00
William Vu e72b873f56 Fire off bind handlers when session_created? runs
Also refactor because bind handlers don't use setup_handler.
2018-07-12 10:45:59 -05:00
Wei Chen faf3adaee2 Update 2018-07-12 10:11:45 -05:00
Kacper Szurek 486225c2a8
Code review changes
Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
2018-07-12 14:27:28 +02:00
Metasploit 9c2777c6b9
automatic module_metadata_base.json update 2018-07-12 01:56:07 -07:00
William Vu aae98cb12a
Land #9780, once more with feeling
Missed the merge, lol.
2018-07-12 03:42:27 -05:00
William Vu acb20e5a29
Land #9780, CouchDB auth bypass and RCE 2018-07-12 03:36:17 -05:00
Metasploit 048c1ee7b7
automatic module_metadata_base.json update 2018-07-12 01:18:45 -07:00
Green-m 2652971c5d
Merge pull request #1 from wvu-r7/pr/9780
exploit/linux/http/apache_couchdb_cmd_exec fixes some problems.
2018-07-12 16:16:06 +08:00
William Vu a08420e0d0
Land #10286, Docker server version scanner 2018-07-12 03:08:41 -05:00
William Vu e62dbecbef Add module doc 2018-07-12 03:06:16 -05:00
William Vu cce3b6f369 Clean up module 2018-07-12 02:57:14 -05:00
William Vu f53080ee60 Fix exploit and do final cleanup 2018-07-12 02:13:30 -05:00
William Vu 167745c124 Selectively add RuboCop fixes 2018-07-11 22:49:46 -05:00
William Vu ccc3267166 Correct rubocop -a
We'll update .rubocop.yml later.
2018-07-11 22:49:46 -05:00
William Vu ca5e496b8f Run rubocop -a 2018-07-11 21:40:19 -05:00
Agora Security 7d8b9a90d7 Add more reporting 2018-07-11 17:22:48 -04:00
Agora Security 30c43e22d9 Fix typo 2018-07-11 17:04:31 -04:00
Agora Security bb8ac4a7ab Add info & update_info 2018-07-11 16:52:16 -04:00
Adam Cammack adff986908
Land #10287, Add advanced option to skip WP checks 2018-07-11 14:25:19 -05:00
Shelby Pace f855a5ab51
Land #10284, Inform the user about lack of CVE 2018-07-11 11:47:43 -05:00
Shelby Pace 70837deeb1
Land #10268, Ensure module_reference loads rb modules 2018-07-11 11:33:26 -05:00
Metasploit 147511dc66
automatic module_metadata_base.json update 2018-07-11 09:22:09 -07:00
Shelby Pace 1ded8ffb29
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-11 11:10:52 -05:00