5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
b58097a2a7
Remove junk() because it's never used
2011-12-17 01:28:07 -06:00
acef9de711
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:15 -06:00
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
95d639ccf7
Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8.
2011-11-20 01:44:52 -06:00
9c2fab0921
Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c
2011-11-19 20:40:04 -06:00
fea42dbdee
Add feature #5872
2011-11-16 12:26:54 -06:00
170c4f5451
Fix author email format
2011-11-12 01:53:25 -06:00
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
7bfa29ace4
clean up exploit HTML print_status
...
git-svn-id: file:///home/svn/framework3/trunk@14036 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 14:21:57 +00:00
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
0f1ba8dcf1
Change user agent check
...
git-svn-id: file:///home/svn/framework3/trunk@13993 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 15:48:03 +00:00
8e4f4a2672
Add CVE-2011-1774 (Safari libxslt arbitrary file creation)
...
git-svn-id: file:///home/svn/framework3/trunk@13987 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 07:39:50 +00:00
fbbec1fa92
This exploit falls between NormalRanking to GoodRanking. I'll class it as Normal for now.
...
git-svn-id: file:///home/svn/framework3/trunk@13984 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 03:48:10 +00:00
c336d063da
Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
...
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
3c36b0c975
Msftidy: knocking out all those trailing spaces. Screw those guys.
...
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00
39a4488da5
Patch #5740 for Firefox Array.reduceRight() exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13958 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 20:28:15 +00:00
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
020abd926b
A handful of rankings changes, also converting whitespace.
...
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
1adb31747d
This module is missing a ranking. Adding one.
...
git-svn-id: file:///home/svn/framework3/trunk@13936 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:35:18 +00:00
4f4c0bc0be
Add CVE-2011-2371 Firefox Array.reduceRight() vuln
...
git-svn-id: file:///home/svn/framework3/trunk@13909 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 03:16:15 +00:00
90a426cec6
Add PcVue 10 LoadObject/SaveObject vuln (Feature #5647 )
...
git-svn-id: file:///home/svn/framework3/trunk@13889 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 10:57:31 +00:00
2b3a277124
Found an instance that causes the win 7 target to fail. This fix corrects it.
...
git-svn-id: file:///home/svn/framework3/trunk@13797 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 08:55:07 +00:00
ec6f290fbd
Add Windows 7 target and all kinds of stuff.
...
git-svn-id: file:///home/svn/framework3/trunk@13775 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-22 17:40:35 +00:00
5d4f68a6f2
Fix JS
...
git-svn-id: file:///home/svn/framework3/trunk@13767 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-21 03:13:45 +00:00
f4be092ac1
include the CVE with more details that definitely applies to this bug, in addition to the ambiguous one that may or may not
...
git-svn-id: file:///home/svn/framework3/trunk@13751 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 03:57:27 +00:00
10c76f66ba
Adding an extra print line to adobe_cooltype_sing that clearly displays the user-agent.
...
git-svn-id: file:///home/svn/framework3/trunk@13748 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 20:12:51 +00:00
56025609f0
Add fix commit url to reference. Thx jduck!
...
git-svn-id: file:///home/svn/framework3/trunk@13745 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 06:48:33 +00:00
2ebef435a0
Add CVE-2011-2950 Real Player heap overflow
...
git-svn-id: file:///home/svn/framework3/trunk@13738 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 19:22:29 +00:00
7569cad178
Correct variable use in heap spray js function
...
git-svn-id: file:///home/svn/framework3/trunk@13735 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 22:37:13 +00:00
70fa0e630b
Add Windows 7 + IE 8 target. Also use a different approach to get code execution.
...
git-svn-id: file:///home/svn/framework3/trunk@13734 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 20:51:01 +00:00
819e673b88
Mention about the RSA attack in the description, also add a reference for it
...
git-svn-id: file:///home/svn/framework3/trunk@13697 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 17:22:00 +00:00
8a070b81a2
Add the noobfuscation arg to the heaplib call
...
git-svn-id: file:///home/svn/framework3/trunk@13675 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 09:00:20 +00:00
22dc0ed551
Fix disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@13670 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-31 00:15:46 +00:00
c5fe6ed503
Reset the target to allow for multiple client connections
...
git-svn-id: file:///home/svn/framework3/trunk@13669 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:29:14 +00:00
70dffd6afb
Adds Citrix Gateway ActiveX Stack Based Buffer Overflow module
...
git-svn-id: file:///home/svn/framework3/trunk@13666 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:22:32 +00:00
b331073851
cleaned up some column width issues, added on_new_session clean up code to remove files
...
git-svn-id: file:///home/svn/framework3/trunk@13599 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 17:47:03 +00:00
6723c7fb3e
Minor metadata format fix
...
git-svn-id: file:///home/svn/framework3/trunk@13593 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 00:11:22 +00:00
8fbd81a0f0
Add HP Easy Printer xmlsimpleaccessor exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13592 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 23:49:45 +00:00
fe53151324
fix tabs
...
git-svn-id: file:///home/svn/framework3/trunk@13590 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:58:50 +00:00
056adf7063
Add Win 7 target
...
git-svn-id: file:///home/svn/framework3/trunk@13589 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:57:19 +00:00
6c58dad979
ugh, why the extra spaces
...
git-svn-id: file:///home/svn/framework3/trunk@13566 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:34:49 +00:00
eaa5cf6b5d
Use heaplib on IE 8, allow obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13565 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:32:17 +00:00
55d60a1af2
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13556 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:28:49 +00:00
c29a4d5ea3
Specify UUID offset for the custom .Net binary
...
git-svn-id: file:///home/svn/framework3/trunk@13555 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:15:05 +00:00
f8bf910fbb
missing var
...
git-svn-id: file:///home/svn/framework3/trunk@13554 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:05:08 +00:00
8bf7a9990b
Improve javascript obfuscation, and allow it as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13553 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 23:03:11 +00:00
20f4280d9f
Exploit is much more reliable than before, it gets a promotion
...
git-svn-id: file:///home/svn/framework3/trunk@13549 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:17:23 +00:00
bfc59e4c62
Add MS10-026 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13547 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:04:25 +00:00
3b04e7bd9e
Add routine to check target before exploiting it
...
git-svn-id: file:///home/svn/framework3/trunk@13535 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 23:05:45 +00:00
0d9908435a
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13533 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:18:25 +00:00
456aeeb90b
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13530 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 18:47:21 +00:00
4ac431948a
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13524 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:50:43 +00:00
a1526e86b8
Use heaplib to spray, and use obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13523 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:25:14 +00:00
a6a444930e
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13522 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 11:17:30 +00:00
6a89cf5859
Add TeeChart Professional ActiveX exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13520 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 08:41:30 +00:00
58198f37ba
Fix reference link
...
git-svn-id: file:///home/svn/framework3/trunk@13513 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 18:58:20 +00:00
8dc4228ee0
Fix very minor typo
...
git-svn-id: file:///home/svn/framework3/trunk@13508 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 17:05:49 +00:00
3b1769d621
Add Mozilla Firefox 3.6.16 mChannel Use After Free exploit by Rh0
...
git-svn-id: file:///home/svn/framework3/trunk@13507 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 05:58:02 +00:00
6bf90f884e
Fix debug mode and some extra tabs in JS
...
git-svn-id: file:///home/svn/framework3/trunk@13325 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 00:22:29 +00:00
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
94aea207d3
Remove extra tabs and spaces
...
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 21:10:45 +00:00
9892eb39eb
Syntax fix
...
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 20:50:52 +00:00
32a7eb0000
svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 19:19:00 +00:00
7958516549
Adds Xeros Firefox nstreerange exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 17:12:53 +00:00
6448daf571
MS10-018, y u no InitialAutoRunScript
...
git-svn-id: file:///home/svn/framework3/trunk@13141 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:02:38 +00:00
1058948419
Updated ROP, no more hardcoded ntdll addresses
...
git-svn-id: file:///home/svn/framework3/trunk@13106 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 07:22:24 +00:00
1223275330
Change ranking for now until we have a better solution for SP3
...
git-svn-id: file:///home/svn/framework3/trunk@13009 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 01:04:29 +00:00
fdbc038bd0
Add BlackIce Cover Page ActiveX downloadimagefileurl exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12992 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 02:51:39 +00:00
650762517f
update CVE and OSVDB to match what the author said
...
git-svn-id: file:///home/svn/framework3/trunk@12964 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 17:35:57 +00:00
7c47b48f5b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12962 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 01:56:20 +00:00
23cc89482b
CVE correction, thanks Kurt.
...
git-svn-id: file:///home/svn/framework3/trunk@12961 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 00:56:11 +00:00
eae350b88b
CVE-2011-1260 seems to be the right one
...
git-svn-id: file:///home/svn/framework3/trunk@12959 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:27:10 +00:00
0a04835138
Added MS11-050 by d0c_s4vage
...
git-svn-id: file:///home/svn/framework3/trunk@12956 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 21:19:12 +00:00
b9e398c706
adds support for SSL
...
git-svn-id: file:///home/svn/framework3/trunk@12872 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 20:15:51 +00:00
31a659e55a
Fixed this up to use the new JS obfuscation hotness thanks to egyp7s rkelly fu!
...
git-svn-id: file:///home/svn/framework3/trunk@12871 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:49:33 +00:00
377a18030a
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12869 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:06:18 +00:00
3d7715ce60
Added Cisco AnyConnect VPN Client ActiveX download and execute exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12868 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 18:52:26 +00:00
bee19278d7
add a new javascript obfuscation engine using rkelly for parsing. use it in browser_autopwn and ms10_018_ie_behaviors. see #1003
...
git-svn-id: file:///home/svn/framework3/trunk@12839 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:36:26 +00:00
36983436db
play a little nicer with browser autopwn by not spraying the heap if creating the vulnerable object failed
...
git-svn-id: file:///home/svn/framework3/trunk@12667 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 19:45:14 +00:00
0b88468617
out with the new, in with the old. css_clip is pretty unreliable in my tests, go back to using ie_behaviors in browser autopwn
...
git-svn-id: file:///home/svn/framework3/trunk@12663 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 16:33:55 +00:00
f9c49ef9ce
Comment update (this is still for the egghunter fix: bug #4552 )
...
git-svn-id: file:///home/svn/framework3/trunk@12657 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:50:22 +00:00
6345fec06c
checksum support for egghunter disabled, because not enough room for it. See r4552.
...
git-svn-id: file:///home/svn/framework3/trunk@12656 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:48:06 +00:00
40894c3726
Moving Iconics webhmi activeX exploit from browser to scada directory
...
git-svn-id: file:///home/svn/framework3/trunk@12584 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-11 20:45:54 +00:00
b84df80983
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12576 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 19:16:07 +00:00
105b5799af
Added ICONICS WebHMI ActiveX SetActiveXGuid bof
...
git-svn-id: file:///home/svn/framework3/trunk@12573 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 18:07:15 +00:00
8d78a47e45
get_resource() added to 'src' parameter
...
git-svn-id: file:///home/svn/framework3/trunk@12543 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-05 22:10:30 +00:00
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
c5d51cf810
Disclosure date change
...
git-svn-id: file:///home/svn/framework3/trunk@12391 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:45:07 +00:00
31f2afc033
fix date
...
git-svn-id: file:///home/svn/framework3/trunk@12388 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 11:12:34 +00:00
cb491e35d2
Changed disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@12384 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 02:10:40 +00:00
458d8cccb8
Modified heap spray routine. Added IE 8 target for XP SP3.
...
git-svn-id: file:///home/svn/framework3/trunk@12383 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-20 21:55:33 +00:00
c28e7259ac
Added CVE-2011-0611 Adobe Flash 0day
...
git-svn-id: file:///home/svn/framework3/trunk@12330 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:09:33 +00:00
ffe6868d22
Updated vbs stager temp var
...
git-svn-id: file:///home/svn/framework3/trunk@12286 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-09 18:24:43 +00:00
a8947662db
old file hanging around
...
git-svn-id: file:///home/svn/framework3/trunk@12280 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 13:28:57 +00:00
bb26593da7
add osvdb ref. rename file to correct typo
...
git-svn-id: file:///home/svn/framework3/trunk@12279 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 12:41:18 +00:00
717fb83fc9
Added RealNetworks RealGames ActiveX exec arbitrary code execution
...
git-svn-id: file:///home/svn/framework3/trunk@12276 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 02:39:11 +00:00
b90d6fc16f
Modified the heap spraying function. Each block size should be more consistent now.
...
git-svn-id: file:///home/svn/framework3/trunk@12264 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 07:27:38 +00:00
0882f18ec0
add fix commit diff and fix broken cve reference
...
git-svn-id: file:///home/svn/framework3/trunk@12166 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:04:54 +00:00
24fd896bfb
add OSVDB reference back, conflict handling fail!
...
git-svn-id: file:///home/svn/framework3/trunk@12165 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:02:46 +00:00
214751379f
Updated: using get_resource() instead of datastore['URIPATH']
...
git-svn-id: file:///home/svn/framework3/trunk@12156 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 03:56:45 +00:00
25ca59b56f
Added Win Vista and debug target
...
git-svn-id: file:///home/svn/framework3/trunk@12153 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 23:22:51 +00:00
349512f48d
Updated exploit ranking and description to reflect the new ranking
...
git-svn-id: file:///home/svn/framework3/trunk@12151 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 19:33:38 +00:00
81fae13258
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12147 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 12:05:48 +00:00
ff3659aa37
Lots of work to make this a lot more reliable =)
...
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
eb7df0be8e
Updated how the trigger file should be loaded... the proper way.
...
git-svn-id: file:///home/svn/framework3/trunk@12140 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 00:07:36 +00:00
77ceadc6ad
Updated description and how the trigger file loads
...
git-svn-id: file:///home/svn/framework3/trunk@12139 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 22:49:11 +00:00
08f210ac52
Added CVE-2010-3275 (VLC AMV vulnerability)
...
git-svn-id: file:///home/svn/framework3/trunk@12137 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:03:12 +00:00
89ec6ab5da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12092 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 11:19:45 +00:00
8233030184
opps removed mixin require as well
...
git-svn-id: file:///home/svn/framework3/trunk@12091 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:41:48 +00:00
f8534f06dd
opps removed mixin reference =)
...
git-svn-id: file:///home/svn/framework3/trunk@12090 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:40:38 +00:00
d7266b6551
Add CVE-2011-0609 exploit for Adobe Flash
...
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
586c1f9305
oops, broke the LIBPATH option
...
git-svn-id: file:///home/svn/framework3/trunk@12015 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 01:18:18 +00:00
f4fe3f11b0
enable bind payloads, thx hdm :)
...
git-svn-id: file:///home/svn/framework3/trunk@12014 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:52:58 +00:00
4992deed21
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12013 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:16:06 +00:00
fb6107ffb5
enable java payloads, currently via one-off method
...
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
36b83cde6f
Added exploit for CVE-2010-3747 RealPlayer CDDA URI Code Execution
...
git-svn-id: file:///home/svn/framework3/trunk@12009 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 15:42:28 +00:00
382e63e16e
fixed a typo in javascript
...
git-svn-id: file:///home/svn/framework3/trunk@12007 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 04:40:36 +00:00
4a1e59be8d
oops =D
...
git-svn-id: file:///home/svn/framework3/trunk@11983 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 05:01:29 +00:00
4644110962
add exploit for cve-2010-4452, currently windows only and no payloads :(
...
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
695963dde7
Fixed references
...
git-svn-id: file:///home/svn/framework3/trunk@11888 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 02:28:15 +00:00
b51c9f8397
oops forgot a , =)
...
git-svn-id: file:///home/svn/framework3/trunk@11887 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:42:37 +00:00
6dc0596870
Added Novell iPrint GetDriverSettings <= 5.52 exploit from mr_me thanks
...
git-svn-id: file:///home/svn/framework3/trunk@11886 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:27:06 +00:00
8ef05017b8
style compliance fixes, naughty naughty
...
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 20:49:44 +00:00
c322534907
Add exploit for CVE-2010-3765, firefox interleaved document.write and appendChild calls.
...
git-svn-id: file:///home/svn/framework3/trunk@11773 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-18 02:23:10 +00:00
8c8b181ffb
Update ms11_xxx modules to reflect bulletin release, minor style fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11730 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 23:31:44 +00:00
e06d4d52fe
convert VLC module to FileFormat, adjust spray
...
git-svn-id: file:///home/svn/framework3/trunk@11705 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-03 18:16:40 +00:00
3ac076c20a
add exploit for VLC media player WebM processing from Dan Rosenburg
...
git-svn-id: file:///home/svn/framework3/trunk@11692 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-01 18:54:24 +00:00
a62f1922b3
fix typos, lol?
...
git-svn-id: file:///home/svn/framework3/trunk@11662 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-28 23:56:35 +00:00
d7cda0f85a
accept a client argument for get_uri()
...
git-svn-id: file:///home/svn/framework3/trunk@11623 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-22 00:16:57 +00:00
f3bda46333
doesn't work on IE8, fixes #3566 , thanks Hauke Mehrtens for the patch
...
git-svn-id: file:///home/svn/framework3/trunk@11610 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 19:30:59 +00:00
b6b9b83dd7
add CVE reference
...
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
739604ea12
Fixes #3469 , silly typo
...
git-svn-id: file:///home/svn/framework3/trunk@11520 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 05:58:55 +00:00
d994f595fe
remove unused vars
...
git-svn-id: file:///home/svn/framework3/trunk@11517 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:59:10 +00:00
287f4c87fe
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
19e8a6a5b1
switch AutoRunScript for InitialAutoRunScript, oops
...
git-svn-id: file:///home/svn/framework3/trunk@11513 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 00:25:44 +00:00
a206ed8418
clarifying wmi tools are not installed by default
...
git-svn-id: file:///home/svn/framework3/trunk@11481 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 05:27:37 +00:00
bc7a8e3b47
fix silly merge conflict data in HTML
...
git-svn-id: file:///home/svn/framework3/trunk@11479 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-05 22:52:54 +00:00
08df4dac3b
randomize import styles, patch from jjarmoc
...
git-svn-id: file:///home/svn/framework3/trunk@11443 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-29 16:49:20 +00:00
b3bfb5834e
change credit to passerby
...
git-svn-id: file:///home/svn/framework3/trunk@11427 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-28 17:10:19 +00:00
5f5d2992ce
add reference to 0x557 slides (for .NET 2.0 rop)
...
git-svn-id: file:///home/svn/framework3/trunk@11405 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:36:54 +00:00
cdfe03ce43
add MSFT advisory and CVE
...
git-svn-id: file:///home/svn/framework3/trunk@11404 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:30:43 +00:00
09b00739fb
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11402 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 22:21:56 +00:00
0f24d1955c
minor corrections, use .NET 2.0 ROP :)
...
git-svn-id: file:///home/svn/framework3/trunk@11398 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:26:18 +00:00
44c8a71dcf
minor clean ups
...
git-svn-id: file:///home/svn/framework3/trunk@11397 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:23:16 +00:00
1407d7f1d5
revert back. little more reliable.
...
git-svn-id: file:///home/svn/framework3/trunk@11396 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 17:40:13 +00:00
d89c60f2de
add exploit module wmi_admintools.rb
...
git-svn-id: file:///home/svn/framework3/trunk@11395 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 14:35:36 +00:00
c4c0cabccb
switch to .NET 2.0 ROP, Merry Xmas!
...
git-svn-id: file:///home/svn/framework3/trunk@11390 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:24:19 +00:00
5d2f26b41b
add exploit for unpatched IE css import bug
...
git-svn-id: file:///home/svn/framework3/trunk@11383 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 16:34:07 +00:00
b8b0e1af97
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@11380 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 09:11:45 +00:00
f15e6e5e62
update autopwn, replace ms10-018 behaviors with ms10-090 css clip.
...
git-svn-id: file:///home/svn/framework3/trunk@11333 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:53:22 +00:00
af56bebfa1
note ms10-090 bulletin
...
git-svn-id: file:///home/svn/framework3/trunk@11331 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:41:20 +00:00
e6f640bc17
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@11189 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 03:18:05 +00:00
14ea7a85bb
svn keywords
...
git-svn-id: file:///home/svn/framework3/trunk@11188 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:03:25 +00:00
5ed387aa38
added exploit module enjoysapgui_comp_download.rb
...
git-svn-id: file:///home/svn/framework3/trunk@11187 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:01:46 +00:00
e9faf75503
fix some more titles with periods
...
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
52389d28f4
make windows the default target
...
git-svn-id: file:///home/svn/framework3/trunk@11102 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:54:25 +00:00
7a3770f87b
don't use java_basicservice_impl in browser autopwn because it doesn't work in an iframe against IE and causes popups in other browsers
...
git-svn-id: file:///home/svn/framework3/trunk@11101 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:44:16 +00:00
d608db778c
we're not sending an applet, just a jar, clarify the output
...
git-svn-id: file:///home/svn/framework3/trunk@11084 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-21 19:58:04 +00:00
6f7af42667
add an exploit for cve-2010-3563, thanks Matthias Kaiser
...
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
3992eb7ef8
Mass RE-update: fix all framework URL references
...
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
9fc6f2f3a3
Mass update: fix all framework URL references
...
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
eab0a40caa
switch up IE6 target to work on older version
...
git-svn-id: file:///home/svn/framework3/trunk@10978 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 02:54:56 +00:00
61e5d00722
switch title, comment out IE8 target for now
...
git-svn-id: file:///home/svn/framework3/trunk@10963 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 23:12:48 +00:00
338d6e3693
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@10914 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 02:58:01 +00:00
b0f64ebba1
add a debug target
...
git-svn-id: file:///home/svn/framework3/trunk@10912 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 00:08:55 +00:00
76123e79c1
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10909 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:59:56 +00:00
979ddcd8e5
add exploit for cve-2010-3962
...
git-svn-id: file:///home/svn/framework3/trunk@10907 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:44:23 +00:00
9f5fca12f7
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10828 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-26 15:28:04 +00:00
f909b360ba
note tested on 6u11
...
git-svn-id: file:///home/svn/framework3/trunk@10820 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:22:08 +00:00
3fffd15549
add exploit for cve-2010-3552 (w/dep bypass)
...
git-svn-id: file:///home/svn/framework3/trunk@10819 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:21:41 +00:00
sinn3r
juan
Tod Beardsley
HD Moore
Steve Tornio
root
Sam Sharps
sam
Joshua J. Drake
Rob Fuller
Wei Chen
Tod Beardsley
James Lee
David Rude
Mario Ceballos
Matt Weeks
Jonathan Cran