infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/data/exploits
History
OJ 0e82ced082
Add LPE exploit module for the capcom driver flaw 
This commit includes:

* RDI binary that abuses the SMEP bypass and userland function pointer
  invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.

This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
 		2016-09-27 22:37:45 +10:00
..
CVE-2008-6508 Permissions. 2012-06-28 11:42:37 -05:00
CVE-2010-0232 Remove genericity, x64 and renamed stuff 2013-11-14 12:22:53 +10:00
CVE-2010-0842 Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
CVE-2010-1240 Add an R in /Info for the trailer dictionary to make it readable 2014-11-05 22:28:37 -06:00
CVE-2011-2882 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-3400 Permissions 2012-06-12 15:20:25 -05:00
CVE-2012-0013 Permissions 2012-06-12 15:20:25 -05:00
CVE-2012-1535 Add Main.swf from 593363c 2013-07-29 21:53:40 -05:00
CVE-2012-2516 added chm templates 2012-10-10 19:21:47 +02:00
CVE-2012-4681 changed dir names according to CVE 2012-08-28 16:33:01 +02:00
CVE-2013-0109 Final changes before PR 2013-12-15 01:12:49 +00:00
CVE-2013-0634 Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
CVE-2013-2465 Change directory names 2013-08-15 22:52:42 -05:00
CVE-2013-3906 Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
CVE-2013-5045 Use powershell instead of mshta 2014-06-03 09:01:56 -05:00
CVE-2013-5331 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
CVE-2014-0257 Do test 2014-06-03 09:52:01 -05:00
CVE-2014-0322 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
CVE-2014-0497 Add module for CVE-2014-0497 2014-05-03 20:04:46 -05:00
CVE-2014-0515 Delete debug 2015-06-11 17:39:36 -05:00
CVE-2014-0556 Update CVE-2014-0556 2015-06-04 18:23:50 -05:00
CVE-2014-0569 Unset debug flag 2015-06-09 11:36:09 -05:00
CVE-2014-4113 Use PDWORD_PTR and DWORD_PTR 2014-10-31 17:35:50 -05:00
CVE-2014-4114/template Add ppsx template 2014-10-16 17:55:22 -05:00
CVE-2014-4404 Change paths, add makefile and compile 2014-11-30 21:06:11 -06:00
CVE-2014-6352/template_run_as_admin Add module for CVE-2014-6352 2014-11-12 01:10:49 -06:00
CVE-2014-8440 Make last code cleanup 2015-06-09 16:01:57 -05:00
CVE-2015-0016 Update DLL 2015-08-26 15:15:32 -05:00
CVE-2015-0311 Add more targets 2015-06-04 12:11:53 -05:00
CVE-2015-0313 Allow more search space 2015-06-10 12:26:53 -05:00
CVE-2015-0318 This seems to work 2015-03-13 04:43:06 -05:00
CVE-2015-0336 Add support for Windows 8.1/Firefox 2015-06-03 22:46:04 -05:00
CVE-2015-0359 Disable debug 2015-06-10 14:07:18 -05:00
CVE-2015-1130 Add Rootpipe exploit 2015-04-10 11:22:00 -05:00
CVE-2015-1701 Update exploit binaries for ms15-051 2015-06-25 09:33:15 +10:00
CVE-2015-2426 Clean template code 2015-09-12 13:43:05 -05:00
CVE-2015-3090 Add module for CVE-2015-3090 2015-06-18 12:36:14 -05:00
CVE-2015-3105 Add module for CVE-2015-3105 2015-06-25 13:35:01 -05:00
CVE-2015-3113 Add module for CVE-2015-3113 2015-07-01 13:13:57 -05:00
CVE-2015-3673 Remove sleep(), clean up WritableDir usage. 2015-07-05 18:59:00 -05:00
CVE-2015-5119 Update swf 2015-07-15 18:35:41 -05:00
CVE-2015-5122 Improve adobe_flash_opaque_background_uaf 2015-07-16 14:56:32 -05:00
CVE-2015-8103 Add Jenkins CLI Java serialization exploit module 2015-12-11 14:57:10 -06:00
CVE-2016-0099 Fix whitespace 2016-07-27 12:37:14 -05:00
CVE-2016-4997 binary drops work! 2016-09-24 21:31:00 -04:00
R7_2015_17 Add missing stream.raw for hp_sitescope_dns_tool 2016-03-15 11:06:06 -05:00
batik_svg Permissions 2012-06-06 20:05:29 -05:00
capcom_sys_exec Add LPE exploit module for the capcom driver flaw 2016-09-27 22:37:45 +10:00
capture/http File.exists? must die 2016-04-21 00:47:07 -04:00
cmdstager Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
cve-2010-0094 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-0840/vuln Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-3563 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-4452 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2011-3544 Allows for Loot and Tasks to be imported from an MSF ZIP. 2011-12-05 22:30:34 -05:00
cve-2012-5076 fixing bperry comments 2012-11-11 20:18:19 +01:00
cve-2012-5076_2 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
cve-2012-5088 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
cve-2013-0074 Small fix to interface 2013-11-22 17:02:08 -06:00
cve-2013-0422 cve and references available 2013-01-11 00:54:53 +01:00
cve-2013-0431 added security level bypass 2013-02-20 17:50:47 +01:00
cve-2013-1300 Use signed binary 2014-05-02 14:45:14 +01:00
cve-2013-1488 Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
cve-2013-1493 Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
cve-2013-2460 Make fixes proposed by review and clean 2013-06-25 12:58:00 -05:00
cve-2013-3660 ppr_flatten_rec update, RDI submodule, and refactor 2013-11-27 20:44:18 +10:00
cve-2013-3881 Add binary compiled on vs2013 2014-02-10 13:52:27 -06:00
cve-2014-1610 Use msf branded djvu 2014-02-01 00:37:28 +00:00
cve-2016-0051 refactor ms16-016 code 2016-07-05 20:50:43 -05:00
cve-2016-0189 add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
docx Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
edb-35948 Call CollectGarbage 2015-02-09 14:44:31 -06:00
imagemagick Add popen() vuln to ImageMagick exploit 2016-06-02 11:35:37 -05:00
java_signed_applet Permission changes (to sync) 2011-11-10 19:48:32 -06:00
jre7u17 Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
mssql Permission changes (to sync) 2011-11-10 19:48:32 -06:00
mysql Permission changes (to sync) 2011-11-10 19:48:32 -06:00
ntapphelpcachecontrol Use RDL 2015-01-09 19:02:08 -06:00
osx Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
php Revert "Land #6812, remove broken OSVDB references" 2016-07-15 12:00:31 -05:00
poison_ivy_c2 Modifications based on suggestions by @wchen-r7 2016-06-08 01:17:15 +02:00
postgres Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries. 2011-03-23 19:36:07 +00:00
powershell new changes 2015-05-19 16:18:06 +01:00
psnuffle Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
pxexploit Adds scriptjunkie's multilingual admin fie for pxexploit 2011-12-23 12:24:45 -06:00
scripthost_uac_bypass Initial working scripthost bypass uac 2015-08-23 20:16:15 +01:00
splunk Cleanup of #1062 2012-12-07 11:55:48 +01:00
tpwn Move tpwn source to external/source/exploits 2015-08-17 18:27:47 -05:00
uxss Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
wifi Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2007-3314.dat Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2008-0320.doc Permissions 2012-06-06 20:05:29 -05:00
CVE-2008-5353.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2008-5499.swf Permission change, ignore 2012-04-23 13:42:18 -05:00
CVE-2009-3867.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2009-3869.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-0480.avi Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-0822.xls Consolidation of the Axis2 Deployer Exploits 2011-11-22 08:47:53 -08:00
CVE-2010-1297.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-3275.amv Added Crash file for CVE-2010-3275 (VLC AMV file) 2011-03-25 21:01:30 +00:00
CVE-2010-3654.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0105.xlb Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0257.mov Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0609.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0611.swf Added swf trigger file 2011-04-16 02:08:03 +00:00
CVE-2011-2110.swf Permissions fix 2012-06-21 15:39:17 -05:00
CVE-2012-0507.jar Permissions fix for exploit jar file 2012-04-02 09:27:35 -05:00
CVE-2012-0754.swf Permisssions (ignore) 2012-03-08 16:16:13 -06:00
CVE-2012-0779.swf Permissions 2012-06-25 00:36:39 -05:00
CVE-2012-1723.jar Better handle of module cache when db_connect is run manually 2012-07-10 23:56:48 -05:00
CVE-2013-2171.bin Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
CVE-2014-0980.pui Implemented Recommended Changes 2015-03-17 16:39:56 -04:00
CVE-2014-3153.elf added built data/exploits/CVE-2014-3153.elf 2015-02-09 09:50:31 -06:00
QTJavaExploit.class Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-2883.ttf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2013-0758.swf Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
cve-2014-1761.rtf MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
exec_payload.msi added build exec_payload.msi 2012-11-28 21:51:01 +01:00
google_proxystylesheet.xml Permission changes (to sync) 2011-11-10 19:48:32 -06:00
iceweasel_macosx.icns Permission changes (to sync) 2011-11-10 19:48:32 -06:00
iphone_libtiff.bin Permission changes (to sync) 2011-11-10 19:48:32 -06:00
modicon_ladder.apx Permissions fix for modicon_ladder.apx 2012-04-12 14:26:27 -05:00
mp4player.as Permisssions (ignore) 2012-03-08 16:16:13 -06:00
mp4player.fla Add source code to the player 2012-03-08 15:23:10 -06:00
mp4player.swf Test out new player code 2012-03-08 15:05:12 -06:00
msfJavaToolkit.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
pricedown.eot Permission changes (to sync) 2011-11-10 19:48:32 -06:00
runcalc.hlp Permission changes (to sync) 2011-11-10 19:48:32 -06:00
s4u_persistence.xml rename the xml template for s4u 2013-02-18 15:25:03 +01:00
shockwave_rcsl.dir Permission changes (to sync) 2011-11-10 19:48:32 -06:00