110cb837aa
Merge pull request #20672 from h00die-gr3y/centreon_auth_rce
...
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
2025-11-05 16:29:29 +01:00
34c424f473
update based on dledda-r7 comments
2025-11-05 09:20:13 +00:00
61dfc293d9
update based on dledda-r7 comments
2025-11-03 14:37:23 +00:00
85b4233345
updated module based on review comments and added documentation
2025-11-03 10:21:31 +00:00
83e7fc2667
update attackerkb reference
2025-11-02 18:26:34 +00:00
e01456bcf4
init commit module
2025-11-02 17:45:22 +00:00
91c0adb17f
Merge pull request #20585 from vognik/CVE_2025_60787
...
Add MotionEye Authenticated RCE (CVE-2025-60787)
2025-10-09 13:50:25 -05:00
267a26b763
code review changes from smcintyre-r7@
2025-10-09 21:51:31 +04:00
9dc5696cc4
Update dash characters in module references
2025-10-07 14:03:32 -04:00
fd21209e4d
Add missing CVEs from VulnCheck
2025-10-07 13:59:13 -04:00
cf3abc280e
Merge pull request #20533 from cdelafuente-r7/feat/mitre/add_ref
...
Add T1003 "OS credential dumping" MITRE technique reference
2025-09-18 11:56:33 -04:00
1314f5d0bb
Merge pull request #20455 from Chocapikk/aitemi_m300_time_rce
...
Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152)
2025-09-10 10:12:41 +02:00
7ce2bdc979
Add T1003 "OS credential dumping" MITRE technique
2025-09-09 10:45:46 +02:00
f1dffd3ad6
Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw
...
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
2025-08-27 15:46:39 -05:00
d49870211b
Adding exceptions to exploit module, bug fix for aux module, adds documentation for exploit module
2025-08-22 15:26:46 +02:00
4e113b1768
Addresses comments, adds exception for Pretalx, modifies aux module
2025-08-22 13:59:50 +02:00
2e9b5453ec
Adds description
2025-08-21 15:29:08 +02:00
fb062075e3
Adds target, adds side effects
2025-08-21 15:21:16 +02:00
408f7575e4
Fixing write primitive for exploit module, library update
2025-08-21 15:17:32 +02:00
01c09bcfed
Library fixes, refactoring exploit module
2025-08-21 09:22:21 +02:00
72dcc5a301
Library fix
2025-08-21 07:21:56 +02:00
f4e71c1e93
Replace Rank
2025-08-14 16:37:13 +02:00
3022513652
Add CRASH_SERVICE_DOWN and "`" badchar
2025-08-14 16:16:21 +02:00
46bbec2470
Update modules/exploits/linux/http/aitemi_m300_time_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2025-08-14 16:11:27 +02:00
bd9c2bf231
Update modules/exploits/linux/http/aitemi_m300_time_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-14 16:01:59 +02:00
8251d89e92
Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce
...
Adds module for PivotX RCE (CVE-2025-52367)
2025-08-12 12:28:28 -07:00
0273f1474f
Added incorrect creds check
2025-08-12 10:42:46 -07:00
e59a24823b
Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce
...
Wazuh Server authenticated RCE [CVE-2025-24016]
2025-08-12 09:22:22 -07:00
ff4ede95cc
Remove useless headers
2025-08-07 21:53:14 +02:00
87eb063460
Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152)
2025-08-07 18:34:49 +02:00
9caa2be9a2
Land #20399 , adds module for Pandora ITSM authenticated RCE (CVE-2025-4653)
...
Pandora ITSM auth RCE [CVE-2025-4653]
2025-08-07 08:37:45 +02:00
70f2cbe055
simplified cleaning procedure
2025-08-06 08:22:06 +00:00
c99702c8bf
Land #20446 , adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611)
...
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
2025-08-05 09:29:36 +02:00
a81884fb9e
Update metadata
2025-08-04 17:53:29 +02:00
2c9053c45e
Refactor fingerprint detection, cookie handling and per-cookie injection
...
- Centralize JS fingerprint checks in `check`
- Memoize `get_valid_cookies` correctly and reuse a single `cookie_jar`
- Update `inject_command` to test payload on each cookie separately
2025-08-04 17:49:34 +02:00
26099da7a2
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:03:04 +02:00
46b3012cda
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:02:47 +02:00
a6d86fbe59
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:02:35 +02:00
50ef5edd90
Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611)
2025-08-02 19:46:14 +02:00
c9e0c7171b
Adds cleanup method
2025-08-01 10:01:50 +02:00
2328b40df7
Unifies parenthesis in fail_with calling, whitespaces fixes, changing CheckCode::Unknown to CheckCode::Detected
2025-08-01 09:34:47 +02:00
d2175c372f
Fixes disclosure date
2025-07-31 12:58:28 +02:00
3d0cfd0dfc
update module + documentation based on review comments
2025-07-30 20:24:56 +00:00
4b52708357
update module + documentation based on review comments
2025-07-30 11:39:20 +00:00
edfa84ed42
Uses Rex::MIME::Message instead of manual form-data
2025-07-25 14:24:42 +02:00
54c86cfc10
Addressing comments
2025-07-24 12:19:47 +02:00
05f2012ccc
Merge pull request #20338 from Chocapikk/xorcom
...
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
2025-07-22 08:19:36 -07:00
75f6e6a748
Refactors code, adds description, fixes CVE
2025-07-22 16:24:35 +02:00
ed5c13330f
Module init
2025-07-21 12:41:38 +02:00
58704e9eab
init module + documentation
2025-07-20 19:06:01 +00:00
Diego Ledda