Commit Graph

605 Commits (e54442af36a8b7fc067ee5630e23e9a4e146ae2b)

Author SHA1 Message Date
jvazquez-r7 c77a0984bd
Land #3989, @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
the commit.
 empty message aborts
2014-10-20 13:39:08 -05:00
jvazquez-r7 4e6f61766d Change module filename 2014-10-20 13:31:22 -05:00
jvazquez-r7 e202bc10f0 Fix title 2014-10-20 13:30:44 -05:00
jvazquez-r7 f07c5de711 Do code cleanup 2014-10-20 13:27:48 -05:00
jvazquez-r7 052a9fec86 Delete return 2014-10-20 10:52:33 -05:00
jvazquez-r7 199f6eba76 Fix check method 2014-10-20 10:46:40 -05:00
us3r777 16101612a4 Some changes to use primer
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
us3r777 1e143fa300 Removed unused variables 2014-10-20 16:58:41 +02:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley b1223165d4
Trivial grammar fixes 2014-10-14 12:00:50 -05:00
us3r777 444b01c4b0 Typo + shorten php serialized object 2014-10-12 21:29:04 +02:00
us3r777 2428688565 CVE-2014-7228 Joomla/Akeeba Kickstart RCE
Exploit via serialiazed PHP object injection. The Joomla! must be
updating more precisely, the file $JOOMLA_WEBROOT/administrator/
components/com_joomlaupdate/restoration.php must be present
2014-10-09 18:51:24 +02:00
Christian Mehlmauer 1584c4781c Add reference 2014-10-09 06:58:15 +02:00
jvazquez-r7 4f96d88a2f
Land #3949, @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload 2014-10-08 16:35:49 -05:00
jvazquez-r7 66a8e7481b Fix description 2014-10-08 16:35:14 -05:00
jvazquez-r7 8ba8402be3 Update timeout 2014-10-08 16:32:05 -05:00
jvazquez-r7 bbf180997a Do minor cleanup 2014-10-08 16:29:11 -05:00
us3r777 03888bc97b Change the check function
Use regex based detection
2014-10-06 18:56:01 +02:00
us3r777 29111c516c Wordpress Infusionsoft Gravity Forms CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
jvazquez-r7 9acccfe9ba Fix description 2014-09-19 17:18:59 -05:00
jvazquez-r7 d826132f87 Delete CVE, add EDB 2014-09-19 17:16:03 -05:00
jvazquez-r7 7afbec9d6c
Land #2890, @Ahmed-Elhady-Mohamed module for OSVDB 93034 2014-09-19 17:12:49 -05:00
jvazquez-r7 1fa5c8c00c Add check method 2014-09-19 17:11:16 -05:00
jvazquez-r7 ce0b00bb0b Change module location and filename 2014-09-19 16:59:35 -05:00
Brendan Coles 564431fd41 Use arrays in refs for consistency 2014-08-18 18:54:54 +00:00
Brendan Coles b8b2e3edff Add HybridAuth install.php PHP Code Execution module 2014-08-16 23:31:46 +00:00
jvazquez-r7 a79eec84ac
Land #3584, @FireFart's update for wp_asset_manager_upload_exec 2014-07-30 10:28:51 -05:00
jvazquez-r7 9de8297848 Use [] for References 2014-07-30 10:28:00 -05:00
jvazquez-r7 58fbb0b421 Use [] for References 2014-07-30 10:24:14 -05:00
Christian Mehlmauer 75057b5df3
Fixed variable 2014-07-29 21:02:15 +02:00
Christian Mehlmauer cc3285fa57
Updated checkcode 2014-07-29 20:53:54 +02:00
Christian Mehlmauer 61ab88b2c5
Updated wp_asset_manager_upload_exec module 2014-07-29 20:53:18 +02:00
Christian Mehlmauer e438c140ab
Updated wp_property_upload_exec module 2014-07-29 20:34:34 +02:00
Christian Mehlmauer 621e85a32d
Correct version 2014-07-28 22:45:04 +02:00
Christian Mehlmauer d334797116
Updated foxpress module 2014-07-28 22:23:22 +02:00
jvazquez-r7 79fe342688
Land #3558, @FireFart's improvements to wordpress mixin 2014-07-28 09:52:20 -05:00
Christian Mehlmauer a6479a77d6
Implented feedback from @jhart-r7 2014-07-22 19:49:58 +02:00
Christian Mehlmauer baff003ecc
extracted check version to module
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
sinn3r 6048f21875
Land #3552 - Correct DbVisualizer title name 2014-07-21 13:07:33 -05:00
Tod Beardsley a41768fd7d
Correct DbVisualizer title name
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.

Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
Christian Mehlmauer a809c9e0b5
Changed to vprint and added comment 2014-07-18 22:15:56 +02:00
Christian Mehlmauer c6e129c622
Fix rubocop warnings 2014-07-18 21:58:33 +02:00
Christian Mehlmauer c1f612b82a
Use vprint_ instead of print_ 2014-07-15 06:58:33 +02:00
Christian Mehlmauer 144c6aecba
Added WPTouch fileupload exploit 2014-07-14 21:35:18 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor)
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
Christian Mehlmauer d5843f8eaf
Updated Mailpoet exploit to work with another version 2014-07-06 10:53:40 +02:00
William Vu cf5d29c53b
Add EOF newline to satisfy msftidy 2014-07-05 13:51:12 -05:00