Commit Graph

564 Commits (c7c1fcfa9860774c8850495d9bd09bbad9733369)

Author SHA1 Message Date
jvazquez-r7 c18c41d8ea Don't hidde exceptions 2013-09-16 09:26:13 -05:00
jvazquez-r7 86e5163cad Fix Indentation and cleanup 2013-09-16 09:19:26 -05:00
jvazquez-r7 62cf9cb07c Retab changes for PR #2188 2013-09-16 09:09:16 -05:00
jvazquez-r7 842dba20b9 Merge for retab 2013-09-16 09:08:36 -05:00
jvazquez-r7 c665f41cd6 Fix description 2013-09-13 09:09:14 -05:00
sinn3r ac90cd1263 Land #2248 - Fix dlink upnp exec noauth 2013-09-12 15:10:20 -05:00
sinn3r 5aa6a0dd6b Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution 2013-09-12 14:19:02 -05:00
sinn3r 8db66aeb98 Yes, clearly it is. 2013-09-12 14:16:34 -05:00
jvazquez-r7 bf40dc02ce Add module for CVE-2013-4984 2013-09-09 23:27:24 -05:00
jvazquez-r7 c3ff9a03d8 Add module for CVE-2013-4983 2013-09-09 23:26:10 -05:00
Tab Assassin f780a41f87 Retab changes for PR #2248 2013-09-05 14:12:24 -05:00
Tab Assassin 554d1868ce Merge for retab 2013-09-05 14:12:18 -05:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00
James Lee 50c6f26329 Don't deregister PrependFork 2013-09-05 10:50:36 -05:00
James Lee b913fcf1a7 Add a proper PrependFork for linux
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Tab Assassin 84aaf2334a Retab new material 2013-09-03 11:47:26 -05:00
Tab Assassin 0c1e6546af Update from master 2013-09-03 11:45:39 -05:00
sinn3r c4aa557364 Land #2292 - Fix the way to get a session over a telnet connection 2013-08-31 00:29:25 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
James Lee feae4a41e7 I don't like end-of-line comments 2013-08-28 12:42:26 -05:00
jvazquez-r7 0bfc12ada1 Fix the way to get a session over a telnet connection 2013-08-27 11:38:49 -05:00
jvazquez-r7 93c46c4be5 Complete the Author metadata 2013-08-26 23:29:16 -05:00
jvazquez-r7 e1e889131b Add references and comments 2013-08-26 23:26:13 -05:00
James Lee 63786f9e86 Add local exploit for taviso's vmware privesc 2013-08-26 21:06:40 -05:00
jvazquez-r7 7b555679e6 Really delete the telnet target 2013-08-19 15:06:47 -05:00
jvazquez-r7 d64c8748e8 Fix descriptions and names 2013-08-19 15:05:27 -05:00
jvazquez-r7 232289d500 Add new module to exploit to through telnet dlink_upnp_exec_noauth 2013-08-19 15:01:29 -05:00
jvazquez-r7 846925e3ba Delete telnet target from dlink_upnp_exec_noauth 2013-08-19 14:56:12 -05:00
m-1-k-3 c902b0ea4b removed user and pass option 2013-08-19 18:07:11 +02:00
m-1-k-3 5fc806e3e0 little fixes 2013-08-18 16:18:27 +02:00
m-1-k-3 9ae977ec80 Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
Conflicts:
	modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
sinn3r 462ccc3d36 Missed these little devils 2013-08-15 16:50:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 7a8bafd82c Beautify 2013-08-14 13:50:08 -05:00
jvazquez-r7 90aec6cff5 Fix telnet negotiation for the raidsonic case 2013-08-14 13:38:51 -05:00
jvazquez-r7 178a7b0dbb Fix author's email format 2013-08-14 11:56:47 -05:00
jvazquez-r7 2a4b8e4a64 Add useful comment 2013-08-14 11:49:32 -05:00
jvazquez-r7 e6c36864c4 Fix telnet related stuff 2013-08-14 11:47:57 -05:00
m-1-k-3 6b87240323 thx to juan ... session stuff looks better 2013-08-14 16:51:09 +02:00
jvazquez-r7 f2e5092fd5 Add module for ZDI-13-179 2013-08-10 18:44:33 -05:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
jvazquez-r7 821673c4d2 Try to fix a little description 2013-08-07 10:26:39 -05:00
jvazquez-r7 33ac0c5c3f Make exploit more print friendly 2013-08-07 10:21:14 -05:00
jvazquez-r7 32436973e4 Land #2192, @m-1-k-3's exploit for OSVDB-89861 2013-08-07 10:16:49 -05:00
jvazquez-r7 ae685ac41d Beautify description 2013-08-07 09:52:29 -05:00
jvazquez-r7 afb8a95f0a Land #2179, @m-1-k-3's exploit for OSVDB-92698 2013-08-07 09:00:41 -05:00
m-1-k-3 885417c9d9 removing config file from target 2013-08-06 15:11:54 +02:00
m-1-k-3 dd35495fb8 dir 300 and 600 auxiliary module replacement 2013-08-05 22:28:59 +02:00
m-1-k-3 786f16fc91 feedback included 2013-08-05 21:55:30 +02:00
m-1-k-3 2efc2a79bf fail with 2013-08-05 21:41:28 +02:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
m-1-k-3 34134b2e11 feedback included 2013-08-04 14:45:55 +02:00
m-1-k-3 b8ed364cb8 telnet user working 2013-08-03 15:07:10 +02:00
m-1-k-3 62e3c01190 raidsonic nas - command execution 2013-08-02 21:04:19 +02:00
m-1-k-3 a19afd163a feedback included 2013-08-02 17:30:39 +02:00
m-1-k-3 15906b76db dir300 and 615 command injection 2013-07-31 14:36:51 +02:00
m-1-k-3 6b514bb44a dir300 and 615 command injection telnet session 2013-07-31 14:34:03 +02:00
sinn3r 5efcbbd474 Land #2167 - PineApp Mail-SeCure livelog.html Exec 2013-07-29 13:18:18 -05:00
sinn3r 7967426db1 Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC 2013-07-29 13:16:42 -05:00
jvazquez-r7 a1d9ed300e Add module for ZDI-13-184 2013-07-28 09:57:41 -05:00
jvazquez-r7 f4e35b62ac Add module for ZDI-13-185 2013-07-27 12:12:06 -05:00
jvazquez-r7 fab9d33092 Fix disclosure date 2013-07-27 12:10:21 -05:00
jvazquez-r7 ac7bb1b07f Add module for ZDI-13-188 2013-07-27 03:25:39 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 af1bd01b62 Change datastore options names for consistency 2013-07-22 16:57:32 -05:00
Tod Beardsley 5e55c506cd Land #2140, add CWS as a first-class reference. 2013-07-22 13:50:38 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 77e8250349 Add support for CWE 2013-07-22 12:13:56 -05:00
jvazquez-r7 6158415bd3 Clean CWE reference, will ad in new pr 2013-07-22 12:03:55 -05:00
jvazquez-r7 da4fda6cb1 Land #2110, @rcvalle's exploit for Foreman Ruby Injection 2013-07-22 12:02:43 -05:00
Ramon de C Valle 04e9398ddd Fix CSRF regular expressions as per review 2013-07-22 13:10:56 -03:00
jvazquez-r7 de6e2ef6f4 Final cleanup for dlink_upnp_exec_noauth 2013-07-22 10:53:09 -05:00
jvazquez-r7 c1c72dea38 Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection 2013-07-22 10:52:13 -05:00
Ramon de C Valle 11ef4263a4 Remove call to handler as per review 2013-07-22 12:49:42 -03:00
jvazquez-r7 4beea52449 Use instance variables 2013-07-19 14:46:17 -05:00
Ramon de C Valle 6761f95892 Change print_error/ret to fail_with as per review 2013-07-19 12:19:29 -03:00
m-1-k-3 e93eef4534 fixing server header check 2013-07-19 08:00:02 +02:00
m-1-k-3 f26b60a082 functions and some tweaking 2013-07-19 07:57:27 +02:00
jvazquez-r7 a1a6aac229 Delete debug code from mutiny_frontend_upload 2013-07-18 14:03:19 -05:00
Ramon de C Valle 8fd6dd50de Check session and CSRF variables as per review 2013-07-16 14:30:55 -03:00
Ramon de C Valle dc51c8a3a6 Change URIPATH option to TARGETURI as per review 2013-07-16 14:27:47 -03:00
Ramon de C Valle 3dbe8fab2c Add foreman_openstack_satellite_code_exec.rb
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
m-1-k-3 f594c4b128 small cleanup 2013-07-15 08:48:18 +02:00
m-1-k-3 393c1b2a99 session stuff 2013-07-15 07:57:30 +02:00
m-1-k-3 a6b48f3082 HTTP GET 2013-07-14 19:02:53 +02:00
m-1-k-3 9f65264af4 make msftidy happy 2013-07-14 15:45:14 +02:00
m-1-k-3 47ca4fd48f session now working 2013-07-14 15:42:41 +02:00
m-1-k-3 9133dbac4a some feedback included and some playing 2013-07-14 14:14:06 +02:00
m-1-k-3 49c70911be dlink upnp command injection 2013-07-09 13:24:12 +02:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 b86b4d955a Make random strings also length random 2013-06-24 12:01:30 -05:00
jvazquez-r7 6672679530 Add local privilege escalation for ZPanel zsudo abuse 2013-06-23 11:00:39 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
sinn3r f55edac0ca Title and description update 2013-06-07 22:38:53 -05:00