46832abd49
Land #18358 , Add a Thrift RPC client
...
This PR adds a Thrift RPC client and updates
two modules to make use of the new addition.
2023-09-14 19:01:13 -04:00
8b56dc0117
Land #18250 , CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
e82bff37e1
Land #18330 , Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
2023-09-13 10:15:59 +01:00
b83a49e573
Thanks to Spencer improved execute_command method
2023-09-12 15:14:10 -04:00
fbf95ecd92
Add and use a Thrift client object
2023-09-11 14:37:38 -04:00
f1aea836f3
Land #18273 , Add VMware vRealize Log Insight RCE
...
Add VMware vRealize Log Insight unauthenticated RCE exploit
2023-09-08 17:17:23 -04:00
21dde19511
Make some final tweaks
...
Change strings to reference `VMware` using the proper case. Don't
include CmdStager (because it's unnecessary). Set PrependFork to fix
shell payloads. Move CamelCase options to advanced.
2023-09-08 16:55:42 -04:00
57f3b8a352
Land #18350 , Add opentsdb_key_cmd_injection exploit module and docs
2023-09-08 16:50:46 +01:00
18103b032d
Add docs for opentsdb_key_cmd_injection
2023-09-08 16:08:18 +01:00
7302394ffa
Land #18316 , Kibana Timelion Prototype Pollution RCE (CVE-2019-7609)
2023-09-08 11:50:47 +01:00
a33f03d100
Land #18302 , Sonicwall rce CVE-2023-34124
2023-09-08 11:48:07 +02:00
946794c3f8
Land #18341 , add CVE-2023-38831 for Winrar 6.22
...
Merge branch 'land-18341' into upstream-master
2023-09-07 15:59:36 -05:00
ef4a9dd239
Land #18329 , Add LG Simple Editor RCE module
...
This PR adds an unauth RCE module for LG Simple Editor
2023-09-07 16:21:10 -04:00
2cda3fab50
Update options
2023-09-07 19:50:10 +02:00
15908b9721
Merge branch 'ivanti-sentry-misc-log-service' of github.com:jheysel-r7/metasploit-framework into ivanti-sentry-misc-log-service
2023-09-07 12:40:26 -04:00
fd6a2fa64a
Updated docs
2023-09-07 12:19:11 -04:00
7944df2b87
Apply suggestions from code review
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-09-07 11:46:24 -04:00
b12fe743d0
Resolve PR comments
2023-09-06 14:11:29 -07:00
482fdefb2c
Land #18313 , SolarView Compact unauth RCE module
...
This PR adds a SolarView Compact unauth RCE module.
2023-09-05 17:49:28 -04:00
03ccb3cce0
Apply grammatical suggestions from code review
2023-09-05 17:06:01 -04:00
d5f355d8de
WinRAR 6.22 (CVE-2023-38831)
2023-09-04 18:56:22 +02:00
48cb2db70b
Update scenario
2023-09-01 03:48:08 +02:00
ef55c4f2c1
Update documentation/modules/exploit/windows/local/cve_2023_28252_clfs_driver.md
2023-08-30 12:11:37 -04:00
8217745a85
Land #18257 , Apache nifi h2 rce (CVE-2023-34468)
2023-08-30 13:37:37 +02:00
fe8cb3398f
Another docs update
2023-08-29 17:33:51 -04:00
47f621106c
Updated docs
2023-08-29 17:11:33 -04:00
a3a7454f74
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
2023-08-29 15:24:04 -04:00
1d9c7fde77
Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit
2023-08-29 17:58:43 +02:00
7fa2586e34
Land #18247 , Netgear NMS RCE CVE-2023-38096/8
2023-08-28 11:23:08 +02:00
77a1bbef79
Second release module and documentation
2023-08-28 07:49:40 +00:00
eaeb2024d3
Merge branch 'master' into vmware_vrli_rce
...
Merge for ThriftMessageType
2023-08-26 22:42:25 +02:00
b10d677308
Doc update.
2023-08-25 21:18:48 +02:00
5382eb22d1
kibana exploit
2023-08-24 16:08:08 -04:00
0fe335aff2
Update documentation/modules/exploit/windows/http/netgear_nms_rce.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-08-24 16:10:30 +00:00
a037d16b66
Land #18233 , Chamilo unauthenticed RCE [CVE-2023-34960]
2023-08-24 11:49:40 +02:00
e760e781df
Land #18307 , Fix exploit/linux typos in Subrion RCE docs
2023-08-23 20:37:46 +01:00
c216c5a184
Fix lines in SmarterMail RCE docs for linting with msftidy_docs
2023-08-23 23:07:07 +08:00
94b7e77d11
Fix exploit/linux typos in Subrion RCE docs
2023-08-23 22:44:49 +08:00
f64b67968f
Final minor updates
2023-08-23 11:38:07 +00:00
1db284dcaa
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-08-22 18:46:25 +02:00
ce50cfa11a
Add module for SonicWall vulns, which includes cve-2023-34124
2023-08-21 08:53:07 -07:00
5fdc9924d5
Land #18123 , add exploit for Jorani unauth RCE
...
This PR adds a module that chains together a log poisoning LFI,
redirection bypass and a path traversal vulnerability to obtain unauth RCE.
2023-08-18 16:44:42 -04:00
4ddd789f51
Apply suggestions from code review
2023-08-18 15:33:59 -04:00
89f8deb672
Land #18253 , Add CVE-2023-34634, Greenshot Fileformat exploit
2023-08-17 15:30:02 +01:00
8717e66b14
Land #18280 , Add Maltrail Unauth RCE Module
...
This PR adds a module for an unauthenticated RCE vulnerability
in Maltrail, a malicious traffic detection system. This vuln
does not have a CVE associated with it.
2023-08-16 17:29:05 -04:00
a91f928d62
Update documentation/modules/exploit/unix/http/maltrail_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-08-16 18:45:37 +00:00
900e418796
Land #18226 , H2 Web Interface RCE
...
This PR adds a module to exploit an RCE feature in
the H2 databases Web Interface.
2023-08-15 16:23:09 -04:00
53bd5bfb0a
Fix a typo in the docs
2023-08-15 10:23:28 -04:00
6cf136ec3a
Land #18263 , Add RaspAP Unauth Command Injection
...
This PR adds an unauthenticated command injection
module for the RaspAP webgui application.
2023-08-14 23:25:23 -04:00
99e78a4c00
Update documentaion file
2023-08-14 21:01:10 -04:00
Jack Heysel