infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
27,989 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

7250 Commits (e242bf914fab3f2afe167bfa42f93a5b2eb9413b)

Author SHA1 Message Date
William Vu e242bf914f
Land #4031, fixes for pureftpd_bash_env_exec 2014-10-16 19:55:09 -05:00
Spencer McIntyre 09069f75c2 Fix #4019, fix NameError peer and disconnect in check 2014-10-16 08:32:20 -04:00
Tod Beardsley 9f6008e275
A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 4f8801eeba
Land #3651, local Bluetooth exploit a @KoreLogic 
This started life as #3653. I'll take this out of unstable as well,
since it got there on commit b10cbe4f
 2014-10-14 13:13:34 -05:00
Tod Beardsley b1223165d4
Trivial grammar fixes 2014-10-14 12:00:50 -05:00
Christian Mehlmauer 1584c4781c Add reference 2014-10-09 06:58:15 +02:00
jvazquez-r7 4f96d88a2f
Land #3949, @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload 2014-10-08 16:35:49 -05:00
jvazquez-r7 66a8e7481b Fix description 2014-10-08 16:35:14 -05:00
jvazquez-r7 8ba8402be3 Update timeout 2014-10-08 16:32:05 -05:00
jvazquez-r7 bbf180997a Do minor cleanup 2014-10-08 16:29:11 -05:00
Jay Smith 7dd6a4d0d9
Merge in changes from @todb-r7. 2014-10-08 13:25:44 -04:00
jvazquez-r7 411f6c8b2d
Land #3793, @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution 2014-10-08 12:16:09 -05:00
jvazquez-r7 98b69e095c Use %TEMP% and update ranking 2014-10-08 12:12:00 -05:00
jvazquez-r7 d90fe4f724 Improve check method 2014-10-08 12:03:16 -05:00
jvazquez-r7 25344aeb6a Change filename 2014-10-08 11:55:33 -05:00
jvazquez-r7 909f88680b Make exploit aggressive 2014-10-08 11:08:01 -05:00
jvazquez-r7 d02f0dc4b9 Make minor cleanup 2014-10-08 10:36:56 -05:00
jvazquez-r7 d913bf1c35 Fix metadata 2014-10-08 10:29:59 -05:00
sinn3r c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution 2014-10-08 00:30:07 -05:00
us3r777 03888bc97b Change the check function 
Use regex based detection
 2014-10-06 18:56:01 +02:00
us3r777 29111c516c Wordpress Infusionsoft Gravity Forms CVE-2014-6446 
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
 2014-10-06 14:10:01 +02:00
James Lee a65ee6cf30
Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Brandon Perry 2c9446e6a8 Update f5_icontrol_exec.rb 2014-10-02 17:56:24 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP. 
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
 2014-10-01 23:34:31 -05:00
HD Moore 0380c5e887 Add CVE-2014-6278 support, lands #3932 2014-10-01 18:25:41 -05:00
William Vu c1b0acf460
Add CVE-2014-6278 support to the exploit module 
Same thing.
 2014-10-01 17:58:25 -05:00
William Vu 5df614d39b
Land #3928, release fixes 2014-10-01 17:21:08 -05:00
Spencer McIntyre 8cf718e891 Update pureftpd bash module rank and description 2014-10-01 17:19:31 -04:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
Spencer McIntyre cf6029b2cf Remove the less stable echo stager from the exploit 2014-10-01 15:15:07 -04:00
Spencer McIntyre 632edcbf89 Add CVE-2014-6271 exploit via Pure-FTPd ext-auth 2014-10-01 14:57:40 -04:00
William Vu 9bfd013e10
Land #3923, mv misc/pxexploit to local/pxeexploit 
Also renamed typo'd pxexploit -> pxeexploit.
 2014-09-30 17:48:06 -05:00
William Vu 039e544ffa
Land #3925, rm indeces_enum 
Deprecated.
 2014-09-30 17:45:38 -05:00
sinn3r b17396931f Fixes #3876 - Move pxeexploit to local directory 2014-09-30 17:16:13 -05:00
William Vu de65ab0519
Fix broken check in exploit module 
See 71d6b37088.
 2014-09-29 23:03:09 -05:00
William Vu df44dfb01a
Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
sinn3r 8f3e03d4f2
Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload 2014-09-29 17:53:43 -05:00
Pedro Ribeiro 533b807bdc Add OSVDB id 2014-09-29 21:52:44 +01:00
HD Moore bfadfda581 Fix typo on match string for opera_configoverwrite 2014-09-29 15:34:35 -05:00
sinn3r ffe5aafb2f
Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec 2014-09-29 15:19:35 -05:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
sinn3r ababc3d8ff
Land #3869 - HP Network Node Manager I PMD Buffer Overflow 2014-09-29 11:00:12 -05:00
Meatballs d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
Spencer McIntyre fe12ed02de Support a user defined header in the exploit too 2014-09-27 18:58:53 -04:00
Pedro Ribeiro f20610a657 Added full disclosure URL 2014-09-27 21:34:57 +01:00
Pedro Ribeiro 030aaa4723 Add exploit for CVE-2014-6034 2014-09-27 19:33:49 +01:00
Brandon Perry 161a145ec2 Create f5_icontrol_exec.rb 2014-09-27 10:40:13 -05:00