William Vu
cd448ba46c
Land #3132 , ntp_monlist improvements
2014-03-25 15:19:45 -05:00
William Vu
12bdd8bd91
Land #3142 , MIPS payloads cleanup
2014-03-25 15:16:26 -05:00
Joe Vennix
33651d0753
Fix formatting of hash options.
2014-03-25 14:43:53 -05:00
Joe Vennix
c8784168d5
Fix references and whitespace in mips payloads.
2014-03-25 14:39:27 -05:00
William Vu
1c4797337f
Clean up rapid7/metasploit-framework#3132
2014-03-25 14:04:43 -05:00
jvazquez-r7
c72c96f0e0
Land #3138 , @rcvalle's exploit for CVE-2013-2143
2014-03-25 13:36:03 -05:00
jvazquez-r7
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
joev
1ac3944627
Merge branch 'landing-pr-3095' into upstream-master
2014-03-25 10:56:42 -05:00
joev
1680f9cc5d
Land PR #3127 , @m-1-k-3's mipsbe reboot payload, into master
2014-03-25 10:44:37 -05:00
jvazquez-r7
ee4ee2fcca
Land #3139 , @wchen-r7's support to detect mshtml build
2014-03-25 09:13:44 -05:00
Ramon de C Valle
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
sinn3r
85c0c8bb70
Add support to detect mshtml build
...
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
Michael Messner
50efd0b5d0
change name and filename and file included
2014-03-25 09:13:04 +01:00
Michael Messner
a9952fa294
change name and filename
2014-03-25 09:11:16 +01:00
Michael Messner
fca4425f95
feedback
2014-03-25 09:09:13 +01:00
Ramon de C Valle
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
sinn3r
0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping
2014-03-24 21:16:10 -05:00
sinn3r
53b25c8c93
Fix header & author e-mail format
2014-03-24 21:15:27 -05:00
Brandon Perry
d2a9a26bc8
real fix for sinn3r bug
2014-03-24 18:40:48 -05:00
Brandon Perry
ec35f4b13f
some bugs for sinn3r
2014-03-24 18:17:50 -05:00
Tod Beardsley
8082884e07
Land #3137 , un-default USER_AS_PASS and...
...
...BLANK_PASSWORDS. This is likely to affect nobody's normal work flow,
since best practice is to be explicit about your options in your RC
files.
2014-03-24 16:45:05 -05:00
William Vu
8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS
...
They're as obnoxious as DB_ALL_* when enabled by default.
2014-03-24 15:51:35 -05:00
William Vu
f12171d1a0
Land #3136 , release fixes
2014-03-24 12:24:07 -05:00
Tod Beardsley
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
Tod Beardsley
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
jvazquez-r7
c7ba7e4d92
Land #3131 , @xistence's exploit for CVE-2014-1903
2014-03-24 08:48:06 -05:00
jvazquez-r7
c3b753f92e
Make PHPFUNC advanced option
2014-03-24 08:47:31 -05:00
jvazquez-r7
4f333d84c9
Clean up code
2014-03-24 08:15:54 -05:00
Brandon Perry
d6f397ab6d
whoops that isn't how you EDB
2014-03-22 11:48:41 -05:00
Brandon Perry
291692d6e0
Update lifesize_uvc_ping_rce.rb
2014-03-22 11:30:00 -05:00
Brandon Perry
67a3a7227b
Create lifesize_uvc_ping_rce.rb
2014-03-21 21:33:12 -05:00
sinn3r
13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec
2014-03-21 11:36:59 -05:00
Matteo Cantoni
4b2a2d4dea
Improve NTP monlist auxiliary module
2014-03-21 16:39:53 +01:00
xistence
c4f0d8e179
FreePBX config.php RCE CVE-2014-1903
2014-03-21 10:29:15 +07:00
James Lee
0a141f1c02
Land #2810 , masked password format switcheroo
2014-03-20 15:12:12 -05:00
David Maloney
c4a9b4fda0
Land #3128 , Put loot in correct workspace
2014-03-20 14:11:17 -05:00
sinn3r
b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution
2014-03-20 12:32:14 -05:00
James Lee
c453bde08b
Land #3125 , fix zip imports
2014-03-20 12:27:13 -05:00
Tod Beardsley
3d3681801a
Fix linux download_exec for #2961
...
Note! This module already seems pretty broken, in that it doesn't appear
to correctly locate curl or wget. Will open another bug on that.
[See RM #8777 ]
2014-03-20 12:09:38 -05:00
sinn3r
0c4b71c8bf
Land #3094 - Joomla weblinks-categories Unauth SQLI Arbitrary File Read
2014-03-20 12:08:18 -05:00
sinn3r
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
jvazquez-r7
48c62992cb
Land #3124 , @wchen-r7's new checks for os.js
2014-03-20 11:31:29 -05:00
jvazquez-r7
a5afd929b4
Land #3120 , @wchen-r7's exploit for CVE-2014-0307
2014-03-20 11:16:40 -05:00
jvazquez-r7
8cb7bc3cbe
Fix typo
2014-03-20 11:13:57 -05:00
Tod Beardsley
4d3f871e9d
Land #2961 , get_env and get_envs Post mixin
...
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
Trevor Rosen
dd4b16ad60
Remove some dead code
2014-03-20 09:38:14 -05:00
Trevor Rosen
dc85a99fbd
report_loot now sets proper Mdm::Workspace
...
* Uses an Mdm::Workspace when passed one in conf hash
2014-03-20 09:27:09 -05:00
Michael Messner
4f1404eecc
reboot payload for mipsbe
2014-03-20 12:37:58 +01:00
Samuel Huckins
33ca577010
Zip Workspace imports now working.
...
MSP-9531
* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
2014-03-19 22:53:15 -05:00
sinn3r
c5158a3ccc
Update CVE
2014-03-19 22:13:23 -05:00