Spencer McIntyre
7281d00938
Implement feedback from PR review
2021-02-04 09:25:40 -05:00
Spencer McIntyre
c33c08bae9
Add a check method using the version information
2021-02-03 18:16:13 -05:00
Spencer McIntyre
c590d7b1bb
Add module docs and be more permissive with Length formatting
2021-02-03 18:16:13 -05:00
bwatters
9174958489
Land #14627, Add PRTG Network Monitor RCE (CVE-2018-9276)
...
Merge branch 'land-14627' into upstream-master
2021-01-27 15:48:27 -06:00
Spencer McIntyre
74898461b4
Land #14654, Add exploit for Micro Focus UCMDB unauthenticated RCE
2021-01-27 10:00:22 -05:00
Spencer McIntyre
fc6957fbf6
Fix a couple of issues in the markdown formatting
2021-01-27 10:00:02 -05:00
adfoster-r7
ba730d5c3c
Land #14618, Add exploit for CVE-2020-28949: Archive_Tar PEAR plugin arbitrary file write
2021-01-25 12:12:12 +00:00
Pedro Ribeiro
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
Pedro Ribeiro
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
Pedro Ribeiro
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
Grant Willcox
0ec99c03f9
Clean up documentation formatting a little bit
2021-01-22 14:27:57 -06:00
William Vu
00cbc33ebb
Add module doc
2021-01-22 01:06:14 -06:00
William Vu
7ce10f68ae
RuboCop for great justice
...
And update docs.
2021-01-21 10:44:18 -06:00
William Vu
a336ee483a
Update exploit/unix/smtp/opensmtpd_mail_from_rce
...
Failure was caused by POSIX read requiring an argument.
2021-01-21 03:56:19 -06:00
JulienBedel
8f6dd43025
Add documentation
2021-01-18 12:02:46 +01:00
Grant Willcox
95d3bd98ac
Do msftidy_docs and rubocop changes
2021-01-15 18:10:23 -06:00
Grant Willcox
2f0abe4900
Add in documentation and fix up small issues with module
2021-01-15 18:06:07 -06:00
Christophe De La Fuente
c8819259ae
Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048
2021-01-15 19:13:14 +01:00
bwatters
d8e68e6487
Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module
2021-01-12 11:45:53 -06:00
Spencer McIntyre
33bd712e0a
Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP
2021-01-11 17:16:40 -05:00
bwatters
50e115b414
Cleanup and edits per review from Christophe
...
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
2021-01-11 16:02:58 -06:00
Shelby Pace
7aef731267
Land #14572, add AIT CSV import rce
2021-01-11 15:37:05 -06:00
h00die
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
Grant Willcox
3072391d00
Make second round of review edits to fix Spencer's comments
2021-01-08 12:50:52 -06:00
Grant Willcox
3e52debd8b
Update the exploit a bit more to remove excess options and also update the documentation accordingly.
2021-01-06 12:16:06 -06:00
Christophe De La Fuente
17c393f101
Land #14046, Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
Grant Willcox
863417fca7
Second round of updates and some rubocop changes to conform to standards.
2021-01-06 01:30:40 -06:00
Grant Willcox
81ee149ea2
Add check code support to module and update the documentation accordingly, plus rework the module description
2021-01-06 01:06:08 -06:00
bwatters
54f5e565fa
Land #14330, SpamTitan Gateway Remote Code Execution
...
Merge branch 'land-14330' into upstream-master
2021-01-04 12:14:12 -06:00
h00die
d8c55501a5
ait csv importer exploit
2021-01-01 12:14:52 -05:00
Grant Willcox
7de662c807
Land #14521, Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
Grant Willcox
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
Grant Willcox
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
bwatters
d2ca5d331d
Add documentation
2020-12-22 14:14:20 -06:00
Grant Willcox
4a449f97d3
Land #14522, Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
Grant Willcox
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
William Vu
39110d04f0
Add note about needing an Oracle account
2020-12-18 21:20:29 -06:00
William Vu
4d85602fae
Fix incorrect scenario header in module doc
...
I retested in VirtualBox and updated the output but not the header.
2020-12-18 21:15:05 -06:00
C4ssandre
57c57a398d
Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments have shown that BITS does not attempt to connect to the WinRM port, making those systems not vulnerable.
2020-12-19 02:51:48 +01:00
Christophe De La Fuente
dc6b67f4c6
Land #14509, Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
Spencer McIntyre
9b8b4621df
Land #14368, Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
Spencer McIntyre
87dacce2cd
Land #14446, Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871)
2020-12-16 16:01:32 -05:00
Christophe De La Fuente
c586bde50d
Update documentation to add SNMPPORT option description
2020-12-16 15:20:10 +01:00
Christophe De La Fuente
60bcc95edc
Fix documentation
2020-12-16 15:15:27 +01:00
Christophe De La Fuente
298deae709
Add documentation
2020-12-16 15:15:27 +01:00
Spencer McIntyre
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
Spencer McIntyre
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
Tim W
a30cdfc892
Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE
2020-12-14 14:54:54 +00:00
Christophe De La Fuente
98d6364248
Land #14482, Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-14 15:10:09 +01:00
James Lee
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00