b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
aaf7fcd5e9
Closing bracket doh
2012-09-07 08:57:27 -05:00
53e4818c2e
Humble-desser, not humble-dresser
2012-09-07 08:49:27 -05:00
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
bd596a3f39
Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec
2012-09-06 18:40:19 -05:00
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
6a484cdbc5
Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit
2012-09-06 18:35:08 -05:00
b4270bb480
Add OSVDB-83767: SFlog Upload Exec Module
...
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management. Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
fc1c1c93ba
ZDI references fixed
2012-09-07 00:50:07 +02:00
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
65681dc3b6
added osvdb reference
2012-09-06 13:56:52 +02:00
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
270fa1b87b
updated descriptions for hp sitescope modules tested over linux
2012-09-05 23:25:08 +02:00
9531c95627
Adding BID
2012-09-05 15:04:05 -05:00
ff97b1da00
Whitespace EOL
2012-09-05 14:04:20 -05:00
43041e3a0a
Merge branch 'hp_sitescope_uploadfileshandler' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler
2012-09-05 14:03:24 -05:00
6705f5405e
Merge branch 'symantec_smg_ssh_pass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_smg_ssh_pass
2012-09-05 14:00:55 -05:00
bed3c7bbac
Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess
2012-09-05 13:59:49 -05:00
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
598fdb5c50
Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration
2012-09-05 13:58:39 -05:00
41904891c9
Merge branch 'hp_sitescope_getfileinternal_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getfileinternal_fileaccess
2012-09-05 13:57:39 -05:00
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
20655232d7
cleanup, tested and added osvdb reference
2012-09-05 20:03:46 +02:00
c6f5b1f072
cleanup, test, osvdb reference
2012-09-05 19:56:04 +02:00
ea2eb046c3
cleanup, final test, osvdb reference
2012-09-05 19:45:50 +02:00
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
166f68b194
added module for ZDI-12-177
2012-09-05 12:54:30 +02:00
534ab55e5c
Added module for ZDI-12-173
2012-09-05 12:53:03 +02:00
8a50ca2f47
Added module for ZDI-12-176
2012-09-05 12:51:25 +02:00
8fce975593
Aux module raise an error because Report module is not included in the source
2012-09-05 10:38:36 +02:00
c7de73e7bf
Clean up SVN metadata
2012-09-04 19:36:10 -05:00
7b8ab53661
Use :unique_data option for dns.enum reporting
...
Otherwise, you will only report the last thing that comes through on
that host for the dns.enum note type.
2012-09-04 19:32:29 -05:00
2edf4a676a
Merge remote branch 'bonsaiviking/axfr' into bonsai-afxr
2012-09-04 16:16:41 -05:00
b8132cae5c
Add the redistribution comment splat
2012-09-04 15:58:43 -05:00
15f1dd8525
Moving greetz to Author fields
2012-09-04 15:58:43 -05:00
6e7cbe793c
Spamguard e-mail addresses, make auth name consistent
2012-09-04 15:58:43 -05:00
a925eef070
Removed meterpreter reference from desc
...
This post module relies on meterpreter as a SessionType, but the
description shouldn't call this out specifically.
2012-09-04 15:58:42 -05:00
ba0de5acd9
Retitled for consistency and accuracy
2012-09-04 15:58:42 -05:00
f80abaf0d1
Dropping trailing whitespace
2012-09-04 15:58:42 -05:00
69b2f95a6f
small update
2012-09-04 15:58:42 -05:00
cac1e0a585
small update
2012-09-04 15:58:42 -05:00
e1da14f786
access database with local os admin privs
2012-09-04 15:58:42 -05:00
a08d2359d7
access database with local os admin privs
2012-09-04 15:58:42 -05:00
114ade6bea
applied todb requested fixes, and added sql 2k support
2012-09-04 15:58:42 -05:00
6cd6f9d5d1
minor comment updates
2012-09-04 15:58:42 -05:00
jvazquez-r7
sinn3r
bcoles
Tod Beardsley
Cristiano Maruti
nullbind