4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
721e153c7f
Land #3005 to the fixup-release branch
...
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!
Conflicts:
modules/exploits/windows/fileformat/audiotran_pls_1424.rb
2014-02-18 14:08:54 -06:00
a863d0a526
Pre-release fixes, including msftidy errors.
2014-02-18 14:02:37 -06:00
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
28dc742bcf
Fix references and disclosure date
2014-02-18 13:59:58 -06:00
c216357815
Land #3000 , audiotran_pls_1424 SEH exploit
2014-02-18 13:27:14 -06:00
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
98958bc7bc
Making audiotran_pls_1424 more readable and adding comments
2014-02-17 13:40:03 -05:00
52ac85be11
Land #2931 - Oracle Forms and Reports RCE
2014-02-17 08:54:23 -06:00
110ffbf342
Indent looks off for this line
2014-02-17 08:53:29 -06:00
632ea05688
100 columns
2014-02-17 08:52:56 -06:00
8da7ba131b
In case people actually don't know what RCE means
2014-02-17 08:51:48 -06:00
73459baefd
Add OSVDB references
2014-02-17 08:50:34 -06:00
fb7b938f8e
check func fixed
2014-02-17 15:11:56 +01:00
c60ea58257
added audiotran_pls_1424 fileformat for Windows
2014-02-16 16:20:50 -05:00
e27d98368e
fixed local server issues
2014-02-16 18:26:08 +01:00
e40b9e5f37
updated and improved
2014-02-16 16:24:39 +01:00
74344d6c7e
vtigerolservice.php to vtigerservice.php
...
using direct soap/vtigerolservice.php not work..php need require('config.php');
2014-02-15 20:36:36 -05:00
b7d69c168c
bugfix and user supplied local path support
2014-02-15 16:24:59 +01:00
9daffbd484
Land #2973 - Dexter panel (CasinoLoader) SQLi to file upload code exec
2014-02-14 17:16:27 -06:00
48199fec27
Change URL identifier, and make the user choose a target
2014-02-14 17:15:00 -06:00
745f313413
Remove @nmonkee as author per twitter convo
2014-02-13 14:41:10 -06:00
371f23b265
Unbreak the URL refs add nmonkee as ref and author
...
While @nmonkee didn't actually contribute to #2942 , he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.
Also added a ref to @nmonkee's thing.
@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
a59ce95901
Land #2970 , @sgabe exploit for CVE-2010-2343
2014-02-12 08:10:53 -06:00
9845970e12
Use pop#ret to jump over the overwritten seh
2014-02-12 08:10:14 -06:00
11513d94f5
Add Juan as author
2014-02-12 12:17:02 +01:00
3283880d65
Partially revert "Replace unnecessary NOP sled with random text" to improve reliability.
...
This partially reverts commit 12471660e9
2014-02-12 12:09:16 +01:00
7195416a04
Increase the size of the NOP sled
2014-02-12 02:35:53 +01:00
3f09456ce8
Minor code formatting
2014-02-11 23:53:04 +01:00
7fc3511ba9
Remove unnecessary NOPs
2014-02-11 23:48:54 +01:00
12471660e9
Replace unnecessary NOP sled with random text
2014-02-11 23:48:04 +01:00
184ccb9e1e
Fix payload size
2014-02-11 23:42:58 +01:00
783e62ea85
Applied changes from @wchen-r7's comments
2014-02-11 10:14:52 -08:00
3717374896
Fix and improve reliability
2014-02-11 10:44:58 -06:00
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
e8a3984c85
Fix ROP NOP address and reduce/remove NOPs
2014-02-11 00:29:37 +01:00
e6905837eb
Land #2960 , rand_text_alpha for amaya_bdo
2014-02-10 16:44:11 -06:00
13fadffe7e
Dexter panel (CasinoLoader) SQLi to PHP code exec - Initial
2014-02-10 13:44:30 -08:00
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
3d4d5a84b6
Land #2957 , @zeroSteiner's exploit for CVE-2013-3881
2014-02-10 13:59:45 -06:00
502dbb1370
Add references
2014-02-10 13:55:02 -06:00
08b6f74fb4
Add module for CVE-2010-2343
2014-02-10 20:46:09 +01:00
abb03d0bbe
Fixing messages
2014-02-10 13:10:42 -06:00
541bb6134e
Change exploit filename
2014-02-10 13:06:23 -06:00
2e130ce843
Make it work with Reader Sandbox
2014-02-10 13:04:13 -06:00
7c43565ea8
Include missing require for powershell
2014-02-10 11:02:53 -06:00
8ece4a7750
Delete debug print
2014-02-10 08:57:45 -06:00
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
0ac1acda70
Upgrade toolchain to Visual Studio 2013 v120.
2014-02-10 09:35:07 -05:00
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
32c02dd56a
Added some randomness
2014-02-08 11:27:25 +08:00
dcff06eba1
More verbose failure messages
2014-02-07 23:59:28 +00:00
66cb97305c
Land #2953 - KingScada kxClientDownload.ocx ActiveX Remote Code Exec
2014-02-07 17:41:35 -06:00
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
783a986a19
Windows and auto target up and running
2014-02-07 23:26:57 +00:00
a0f47f6b2b
Correct error check logic
2014-02-07 22:06:53 +00:00
443a51bbf5
Undo revert from merge
2014-02-07 21:28:04 +00:00
56359aa99f
Merge changes from other dev machine
2014-02-07 21:22:44 +00:00
a4cc75bf98
Potential .pdf support
2014-02-07 20:37:44 +00:00
e13520d7fb
Handle a blank filename
2014-02-07 20:15:32 +00:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
f686385349
Remove an unnecessary VS file and modify version check.
2014-02-07 08:45:51 -05:00
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
4b37cc7243
Land #2927 , PandoraFMS anyterm exploit
2014-02-06 15:22:23 -06:00
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
362e937c8d
Forgot to push local changes.
2014-02-06 11:47:35 -06:00
0dc2ec5c4d
Use BrowserExploitServer mixin.
...
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
553616b6cc
Add URL for browser exploit.
2014-02-04 17:04:06 -06:00
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
23fc73924e
Msftidy it up.
2014-02-04 14:24:36 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
0a3cb3377f
AppendEncoder
2014-02-04 15:41:10 +00:00
26c506da42
Naming of follow method
2014-02-04 15:25:51 +00:00
f5fa3fb5ce
Windows compat, fixed PHP-CLI
2014-02-04 14:27:10 +00:00
64d11e58c2
Use semicolon for win compat
2014-02-04 13:53:33 +00:00
700e09f386
Wording tweak.
2014-02-04 02:55:10 -06:00
bbabd72b0e
Whitespace tweaks.
2014-02-04 02:52:52 -06:00
eb6a5a4c19
Tweak checks.
2014-02-04 02:49:44 -06:00
4923a93974
Tweak description.
2014-02-04 02:47:49 -06:00
37479884a5
Add browserautopwn support.
2014-02-04 02:32:12 -06:00
eba3a5aab0
More accurate description.
2014-02-04 01:44:39 -06:00
177bd35552
Add webview HTTP exploit.
2014-02-04 01:37:09 -06:00
2fd8257c7e
Use bperry's trigger
2014-02-04 00:51:34 +00:00
a8ff6eb429
Refactor send_request_cgi_follow_redirect
2014-02-03 21:49:49 +00:00
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
d34020115a
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
67c18d8d2d
I had a problem, then I used regex.
2014-02-02 22:19:54 +00:00
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
57f4998568
Better failures and handle unconfigured server
2014-02-02 16:26:22 +00:00
9fa9402eb2
Better check and better follow redirect
2014-02-02 16:07:46 +00:00
0d3a40613e
Add auto 30x redirect to send_request_cgi
2014-02-02 15:03:44 +00:00
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
7ddc6bcfa5
Final tidyup
2014-02-01 01:05:02 +00:00
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
fd1a507fda
Rename file
2014-02-01 00:27:32 +00:00
700c6545f0
Polished
2014-02-01 00:26:55 +00:00
a5bff638c5
Remove EOL spaces
2014-01-31 15:01:03 -06:00
5a883a4477
updated
2014-01-31 21:59:26 +01:00
7fa1522299
Initial commit
2014-01-31 18:51:18 +00:00
b67ac39a33
Land #2921 - Apache Struts Developer Mode OGNL Execution
2014-01-31 12:06:58 -06:00
60ead5de43
Explain why we flag the vuln as "Appears" instead of vulnerable
2014-01-31 12:05:58 -06:00
2fca2da9f7
Add an vprint message on check
2014-01-31 11:57:20 -06:00
356692f2f5
Land #2923 , @rangercha tomcat deploy module compatible with tomcat8
2014-01-31 10:53:53 -06:00
a010748056
Land #2924 , @xistence's exploit for CVE-2014-1683
2014-01-31 09:20:10 -06:00
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
810605f0b7
Do final cleanup for the skybluecanvas exploit
2014-01-31 09:17:51 -06:00
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
f6291eb9a8
updated
2014-01-31 14:33:18 +01:00
ffd8f7eee0
Changes as requested in SkyBlue Canvas RCE module
2014-01-31 12:52:48 +07:00
93db1c59af
Do small fixes
2014-01-30 17:16:43 -06:00
9daacf8fb1
Clean exploit method
2014-01-30 16:58:17 -06:00
4458dc80a5
Clean the find_csrf mehtod
2014-01-30 16:39:19 -06:00
697a86aad7
Organize a little bit the code
2014-01-30 16:29:45 -06:00
50317d44d3
Do more easy clean
2014-01-30 16:23:17 -06:00
1a9e6dfb2a
Allow check to detect platform and arch
2014-01-30 15:17:20 -06:00
b2273dce2e
Delete Automatic target
...
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
2014-01-30 15:04:08 -06:00
cebbe71dba
Do easy cleanup of exploit
2014-01-30 14:42:02 -06:00
c336133a8e
Do a first clean related to auto_target
2014-01-30 14:27:20 -06:00
57b8b49744
Clean query_manager
2014-01-30 14:20:02 -06:00
148e51a28b
Clean metadata and use TARGETURI
2014-01-30 14:03:52 -06:00
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
e7ab77c736
added module for Oracle Forms and Reports
2014-01-30 14:45:17 +01:00
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
bac6e2a3e1
added SkyBlueCanvas CMS 1.1 r248-03 RCE
2014-01-28 11:06:25 +07:00
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
a49473181c
Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10
2014-01-27 09:04:59 -05:00
8fe74629fe
Allow send_request_cgi to take care of the uri encoding
2014-01-26 00:06:41 -06:00
37adf1251c
Delete privileged flag because is configuration dependant
2014-01-25 18:25:31 -06:00
038cb7a981
Add module for CVE-2012-0394
2014-01-25 18:17:01 -06:00
cc4dea7d49
Was playing with ms08_067 check and realized I forgot this print
2014-01-25 16:15:52 -06:00
7c5229e2eb
Use opts hash for glassfish_deployer
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:17:02 -06:00
47b9bfaffc
Use opts hash for adobe_pdf_embedded_exe
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:16:53 -06:00
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
16b8b58a84
Fix the dwSize parameter
2014-01-24 11:38:57 +01:00
8f6dcd7545
Add some randomization to the ROP chain
2014-01-24 10:28:59 +01:00
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
021aa77f5f
Add module for BID-46926
2014-01-24 01:48:21 +01:00
c403c521b3
Change check code
2014-01-23 11:03:40 -06:00
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
7f560a4b41
Oops, I broke this module
2014-01-22 11:23:18 -06:00
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
85396b7af2
Saving progress
...
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 14:10:35 -06:00
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal
2014-01-20 20:08:01 -06:00
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
c670259539
Fix protocol handling
2014-01-17 00:49:44 -06:00
eaf1b0caf6
Add minor clean up
2014-01-16 17:55:45 -06:00
f3c912bd32
Add module for ZDI-14-003
2014-01-16 17:49:49 -06:00
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
5d387c96ec
Land #2879 , minor code formatting missed in #2863
2014-01-14 11:22:09 -06:00
b4280f2876
Very minor code formatting
2014-01-14 13:35:00 +01:00
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
24c57b34a7
Have into account endianess
2014-01-13 15:04:23 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
771bd039a0
Land #2863 - Update realplayer_ver_attribute_bof.rb
...
Refs & ROP
2014-01-13 11:29:52 -06:00
bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits
2014-01-13 11:17:36 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
e7cc3a2345
Removed unnecessary target
2014-01-13 13:17:16 +01:00
26d17c03b1
Replaced ROP chain
2014-01-13 02:54:49 +01:00
b3b04c4159
Fix both firefox js exploits to use browser_autopwn.
2014-01-11 17:34:38 -06:00
d657a2efd3
Added DEP Bypass
2014-01-11 20:31:28 +01:00
72d15645df
Added more references
2014-01-11 20:30:50 +01:00
8449005b2a
Fixed CVE identifier.
2014-01-10 23:45:34 +01:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
9d14dd59eb
Delete parentheses
2014-01-09 15:17:13 -06:00
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
40d2299ab4
Added tested device
2014-01-09 10:46:14 -05:00
c50f7697a5
Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec
2014-01-09 10:39:12 -05:00
bbaaecd648
Delete commas
2014-01-09 08:01:11 -06:00
5e510dc64c
Add minor fixes, mainly formatting
2014-01-09 07:51:42 -06:00
ed6723655d
Code Review Feedback
...
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
8414973746
Land #2833 , rm linksys_wrt110_cmd_exec_stager
2014-01-09 01:21:22 -06:00
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
e79ccb08cb
Update rails_secret_deserialization.rb
...
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
2014-01-07 21:41:15 +01:00
590547ebc7
Modify title to avoid versions
2014-01-07 13:01:10 -06:00
c34af35230
Add wrt100 to the description and title.
...
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
1057cbafee
Remove deprecated linksys module.
2014-01-07 10:22:35 -06:00
c0a82ec091
Avoid specific versions in module names
...
They tend to be a lie and give people the idea that only that version is
vulnerable.
2014-01-06 13:47:24 -06:00
1cdfbfeed5
Land #2820 - vTigerCRM SOAP AddEmailAttachment Arbitrary File Upload
2014-01-06 10:36:02 -06:00
cd38f1ec5d
Minor touchups to recent modules.
2014-01-03 13:39:14 -06:00
41ac66b5e5
Removed stupid debug line I left in
2014-01-03 11:00:13 -05:00
aaa9fa4d68
Removed RequiredCmd options that didn't work successfully.
2014-01-03 10:56:01 -05:00
20b073006d
Code Review Feedback
...
Removed Payload size restriction. I tested with 10,000 characters and it
worked.
Removed handler for now, since it's unable to get a shell. It's
currently limited to issuing commands.
2014-01-03 10:54:16 -05:00
570e7f87d3
Moved to more appropriate folder
2014-01-02 20:58:46 -05:00
b24e927c1a
Added module to execute commands on certain Sercomm devices through
...
backdoor
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:54:02 -05:00
2d25781cf0
Land #2804 for real (thanks, @jvazquez-r7!)
...
It was the wrong time to mess with my workflow.
2014-01-02 16:39:02 -06:00
1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path
2014-01-03 08:14:02 +10:00
67a796021d
Land #2804 , IBM Forms Viewer 4.0 exploit
2014-01-02 16:10:02 -06:00
eaeb457d5e
Fix disclosure date and newline as pointed by @wvu-r7
2014-01-02 16:08:44 -06:00
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
1b893a5c26
Add module for CVE-2013-3214, CVE-2013-3215
2014-01-02 11:25:52 -06:00
1b0e99b448
Update proto_crmfrequest module.
2014-01-02 10:48:28 -06:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
d291cd92d7
Land #2817 , icofx_bof random things
2014-01-01 22:01:48 -06:00
b4439a263b
Make things random
2013-12-31 16:06:25 -06:00
184bd1e0b2
Land #2815 - Change gsub hardtabs
2013-12-31 15:58:21 -06:00
2252a037a5
Fix disclosure date
2013-12-31 14:51:43 -06:00
3775b6ce91
Add module for CVE-2013-4988
2013-12-31 14:43:45 -06:00
841f67d392
Make adobe_reader_u3d also compliant
2013-12-31 11:07:31 -06:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
80a1e85235
Add :config => false to sysax_ssh_username
2013-12-30 18:13:49 -06:00
c3fd657bde
Missing config false flag
...
the sshexec exploit was missing the flag
that tells net:ssh to not use the user's
local config . This can cuase ugly problem
MSP-9262
2013-12-30 14:28:15 -06:00
57d60c66f9
Add masqform version as comment
2013-12-27 10:59:23 -06:00
341e3c0370
Use rexml
2013-12-27 10:55:36 -06:00
ee35f9ac30
Add module for zdi-13-274
2013-12-27 10:20:44 -06:00
5ce862a5b5
Add OSVDB
2013-12-26 10:33:46 -06:00
90ce761681
Land #2790 - RealNetworks RealPlayer Version Attribute Buffer Overflow
2013-12-24 00:39:54 -06:00
367dce505b
Minor details
2013-12-24 00:39:15 -06:00
f687a14539
Added support for opening via menu.
2013-12-24 03:12:49 +01:00
9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution
2013-12-23 02:34:01 -06:00
5b647ba6f8
Change description
...
Pre-auth is implied.
2013-12-23 02:33:17 -06:00
287271cf98
Fixed date format.
2013-12-22 01:32:16 +01:00
0ac495fef8
Replaced hex with plain text.
2013-12-22 01:31:37 +01:00
f43bc02297
Land #2787 , @mwulftange's exploit for CVE-2013-6955
2013-12-20 17:03:10 -06:00
163a54f8b1
Do send_request_cgi final clean up
2013-12-20 17:00:57 -06:00
44ab583611
Added newline to end of file.
2013-12-20 22:40:45 +01:00
62f71f6282
Added module for CVE-2013-6877
2013-12-20 22:37:09 +01:00
af13334c84
Revert gsub!
2013-12-20 11:39:49 -06:00
ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution
2013-12-20 11:29:10 -06:00
d0ef860f75
Strip default username/password
...
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
52a4e55804
Land #2781 - Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
2013-12-20 11:25:50 -06:00
1da961343a
Do final (minor) cleanup
2013-12-20 11:20:29 -06:00
jvazquez-r7
Tod Beardsley
Michael Messner
William Vu
Joe Vennix
Philip OKeefe
sinn3r
Mekanismen
Jovany Leandro G.C
sgabe
bwall
Meatballs
Spencer McIntyre
David Maciejak
grimmlin
James Lee
xistence
RangerCha
bcoles
Matt Andreko
Niel Nielsen
OJ
David Maloney