0ff2835bb7
Merge pull request #19770 from h00die-gr3y/netis-unauth-rce
...
Netis Router Exploit Chain Reactor [CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457]
2025-01-07 17:24:37 -08:00
7ead96a740
Land #19769 , Add Selenium Chrome RCE module (CVE-2022-28108)
...
Land #19769 , Add Selenium Chrome RCE module (CVE-2022-28108)
2025-01-07 11:10:37 +01:00
9a6d074463
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-01-07 09:25:41 +01:00
e70b6c777f
Merge pull request #19663 from sfewer-r7/CVE-2024-0012
...
Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474)
2024-12-30 10:29:10 -08:00
f436f44d83
Merge pull request #19698 from h00die/obsidian
...
obsidian community plugin persistence module
2024-12-30 09:06:58 -08:00
bbc282e90c
Improve check
2024-12-30 13:36:15 +09:00
862f2ee6c6
Added documentation and some small module updates
2024-12-29 20:05:05 +00:00
86bd1c2938
Minor improve
...
* enable fetch_delete
* avoid using single quotes
* update doc
2024-12-29 12:19:19 +09:00
7ecc1cb87b
Update vulnerable version
2024-12-28 14:39:24 +09:00
e3d68d4164
Update author and fix version detection
2024-12-28 11:18:41 +09:00
64b1832567
Update not to use selenium-webdriver
2024-12-27 13:00:20 +09:00
82ebdf1f9d
Improve docs
2024-12-26 23:54:47 +09:00
acbcd9f3b1
Fix ubuntu version
2024-12-26 23:51:40 +09:00
06af9b0b3d
Add selenium chrome rce module
2024-12-26 23:44:11 +09:00
7ddffc790c
Merge pull request #19460 from gardnerapp/game_overlay
...
Land #19460 , CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privilege Escalation
2024-12-18 14:44:57 -06:00
b7f477172f
Update docs to reflect recent changes
2024-12-18 14:08:10 -06:00
531ed162db
Land #19733 , exploit module for CVE-2022-40471 - unauthenticated RCE
2024-12-18 12:44:34 +01:00
65bb3cc990
typo 2
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-12-17 17:26:20 +00:00
3ed2b5916a
fix typo
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-12-17 17:26:00 +00:00
6f9982db54
Land #19647 Added module for WSO2 API Manager RCE
...
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
2024-12-16 07:27:23 -08:00
d196591845
Modified documentation
2024-12-16 15:47:30 +05:30
06528abe05
Added documentation
2024-12-16 15:33:29 +05:30
77d0292be3
additional review for obsidian plugin
2024-12-14 17:38:29 -05:00
e06dd6deea
Update documentation
2024-12-12 22:10:11 +01:00
7cf942ca30
peer review
2024-12-11 17:49:43 -05:00
7d559e0b34
Add exploit module for CVE-2024-8856 - WP Time Capsule RCE
2024-12-11 01:14:17 +01:00
0b5e221620
Land #19533 , Update werkzeug rce module
2024-12-09 12:56:35 -08:00
4ce4cf472e
Update werkzeug_debug_rce.md
...
Added note about python3 version in verification steps because the version may change when a newer docker image becomes available.
Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
2024-12-08 21:11:03 +00:00
0e5cf3f7ba
Land #19649 , Primefaces RCE (CVE-2017-1000486)
2024-12-06 16:22:06 -08:00
6cfc18a1e7
Land #19661 , WordPress Really Simple Security Plugin RCE (CVE-2024-10924)
2024-12-06 16:19:56 -08:00
be30a06af4
Land #19430 , Moodle RCE (CVE-2024-43425) Module
...
Land #19430 , Moodle RCE (CVE-2024-43425) Module
2024-12-06 12:15:35 +01:00
6723c585f2
obsidian plugin module
2024-12-05 17:54:07 -05:00
8ac7348be0
Land #19608 CyberPanel Pre-Auth RCE
...
Adds a CyberPanel Pre-Auth RCE Exploit Module for (CVE-2024-51378 / CVE-2024-51567 / CVE-2024-51568)
2024-12-05 09:35:35 -08:00
5290750cca
Update doc
2024-12-05 16:19:14 +01:00
a123234141
Add CVE-2024-10924
2024-12-05 16:19:09 +01:00
e8911f9129
Land #19402 vCenter Sudo LPE (CVE-2024-37081)
2024-12-04 18:25:05 -08:00
21cf475cbb
Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404)
2024-12-04 08:26:07 -08:00
ab2ca41eb8
Land #19629 , Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
...
Land #19629 , Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
2024-12-04 16:49:56 +01:00
fabced539d
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-12-04 16:44:48 +01:00
58702f238c
Land #19574 , Windows Access Mode Mismatch LPE in ks.sys (CVE-2024-35230)
...
Land #19574 , Windows Access Mode Mismatch LPE in ks.sys (CVE-2024-35230)
2024-12-04 16:39:43 +01:00
2d1af7d809
Land #19648 Add exploit module for FortiManager (CVE-2024-47575)
2024-12-02 18:31:25 -08:00
a230a353e4
Land #19613 Asterisk authenticated rce via AMI (CVE-2024-42365)
2024-12-02 08:21:35 -08:00
3dcb9d58ab
Code review
2024-12-02 14:02:07 +01:00
c943cc6378
Add module and documentation
2024-12-02 14:02:07 +01:00
5cdf7ae175
Update documentation/modules/exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-11-30 13:55:02 +01:00
d13bccca05
peer review
2024-11-28 20:24:25 -05:00
a945a54fc3
Merge remote-tracking branch 'origin/master' into acronis-rce
2024-11-27 21:50:53 +00:00
492ccca1aa
review
2024-11-23 12:43:35 -05:00
dc445ed1ac
Apply suggestions from code review
2024-11-23 00:57:08 +01:00
502e415344
Merge pull request #19630 from remmons-r7/cups_ipp_rce
...
Exploit module for IPP attributes remote code execution - OpenPrinting CUPS
2024-11-22 09:22:21 -05:00
jheysel-r7