adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,674 Commits 27 Branches 1,043 Tags
2c4eaff583a65ec9ad2f394bb87ca69cb1904d98
Commit Graph

7121 Commits

Author SHA1 Message Date
msutovsky-r7 f2920f868a Land #20291, adds Roundcube post-authentication RCE (CVE-2025-49113) 
Add Remote for Roundсube CVE-2025-49113 post-authentication RCE module
 2025-06-11 10:48:58 +02:00
Maksim Rogov ed643c3bc6 Update roundcube_auth_rce_cve_2025_49113.md 2025-06-09 18:42:52 +03:00
msutovsky-r7 f20e72b6c8 Land #20256, adds RCE module for Remote For Mac 2025.7 
Add Remote for Mac 2025.6 unauthenticated RCE module
 2025-06-08 16:03:58 +02:00
Maksim Rogov d97b09a898 Rename roundcube_unauth_rce_cve_2025_49113.md to roundcube_auth_rce_cve_2025_49113.md 2025-06-07 16:46:30 +03:00
Maksim Rogov bd811a3cd1 Update roundcube_unauth_rce_cve_2025_49113.md 2025-06-07 04:45:54 +03:00
Vognik a4638ad632 Update Documentation 2025-06-07 05:35:18 +04:00
Vognik 96d7929972 Add Documentation for Roundcube CVE-2025-49113 unauthenticated RCE module 2025-06-07 05:28:45 +04:00
msutovsky-r7 0f522220d4 Land #20072, adds Maldoc in PDF fileformat module 
Add Maldoc in PDF polyglot fileformat module
 2025-06-06 14:36:24 +02:00
Spencer McIntyre a1e3a23eb4 Merge pull request #20262 from bwatters-r7/fix/vcenter_vmdir_gather 
Fix references to LDAP Datastore Options
 2025-06-05 17:44:21 -04:00
Brendan 19e8e6cdf8 Merge pull request #20187 from Chocapikk/wp_ottokit 
Add CVE-2025-27007 in existing `exploit(multi/http/wp_suretriggers_auth_bypass)` module
 2025-06-05 11:03:00 -05:00
Brendan cc98ef58d4 Merge pull request #20140 from h4x-x0r/CVE-2023-2915 
ThinManager Path Traversal Delete (CVE-2023-2915) Module
 2025-06-05 10:08:42 -05:00
Spencer McIntyre 602212fe9c Merge pull request #20282 from SweilemCodes/docs/Jenkins_enum 
Jenkins Enum Documentation Added
 2025-06-05 10:50:39 -04:00
Spencer McIntyre 166db38e67 Add missing newlines to render the markdown properly 2025-06-05 10:49:47 -04:00
Brendan 312d052a5c Merge pull request #20141 from h4x-x0r/CVE-2023-2917 
ThinManager Path Traversal Upload (CVE-2023-2917) Module
 2025-06-04 16:48:39 -05:00
Brendan 2a7f40dcc9 Merge pull request #20139 from h4x-x0r/CVE-2023-27856 
ThinManager Path Traversal Download (CVE-2023-27856) Module
 2025-06-04 14:03:21 -05:00
Brendan 10d443d5d9 Merge pull request #20138 from h4x-x0r/CVE-2023-27855 
ThinManager Path Traversal Upload (CVE-2023-27855) Module
 2025-06-04 12:41:34 -05:00
Brendan 26156dfac2 Merge pull request #20265 from remmons-r7/cve_2025_4427_4428 
Exploit module for CVE-2025-4427/CVE-2025-4428 - Ivanti EPMM (AKA MobileIron Core) Authentication Bypass to EL Injection
 2025-06-04 09:05:04 -05:00
remmons-r7 97f308386b Update documentation/modules/exploit/multi/http/ivanti_epmm_rce_cve_2025_4427_4428.md 
Update docs to reflect the new Python payload approach

Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-06-04 08:30:11 -05:00
msutovsky-r7 5fbf46ba7f Land #19472, adds exploits/linux/local/udev_persistence 
Add modules/exploits/linux/local/udev_persistence.rb
 2025-06-04 13:21:04 +02:00
Theo Sweilem ff78d179a3 Edited jenkins_enum Documentation 2025-06-03 23:36:13 -07:00
Theo Sweilem ac4e574eea Added jenkins_enum Documentation 2025-06-03 23:25:15 -07:00
Simon Janusz d497156f84 Merge pull request #20258 from zeroSteiner/fix/issue/20251 
Update the ldap options for shadow credentials
 2025-06-03 17:45:18 +01:00
Simon Janusz 043f8cb6b4 Merge pull request #20260 from zeroSteiner/fix/issue/20252 
Update the ldap/change_password module
 2025-06-03 17:44:26 +01:00
Spencer McIntyre 3057f80a1b Update the ldap options for shadow credentials 2025-06-03 12:29:04 -04:00
Mario 50ae65d59c Update documentation/modules/auxiliary/scanner/discovery/udp_probe.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-05-31 17:13:29 +02:00
mariomontecatine 3efcc6322b Add documentation for auxiliary/scanner/discovery/udp_probe 2025-05-30 06:23:54 -04:00
bwatters-r7 e36336669d Update description in module and docs to reflect nre option name 2025-05-29 08:11:33 -05:00
root e027be9f4c Add documentation for Remote for Mac 2025.6 unauthenticated RCE module 2025-05-29 12:30:10 +01:00
remmons-r7 68929a50fa Add ivanti_epmm_rce_cve_2025_4427_4428.md 
Documentation for ivanti_epmm_rce_cve_2025_4427_4428.
 2025-05-28 17:35:34 -05:00
bwatters-r7 b207a8848c Fix references to LDAP Datastore Options 2025-05-28 12:02:01 -05:00
Diego Ledda 9b7e27e946 Merge pull request #20185 from Chocapikk/wp_depicter_sqli_cve_2025_2011 
Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011)
 2025-05-28 18:38:52 +02:00
Spencer McIntyre 5c6f6f1070 Merge pull request #20261 from bwatters-r7/fix/vmcenter_vmdir_auth 
Update datastore option names in vmware_vcenter_vmdir_auth_bypass module and docs
 2025-05-28 12:33:43 -04:00
bwatters-r7 e282bbda99 Update datastore option names in module and docs 2025-05-28 09:23:36 -05:00
Spencer McIntyre dae8c9b43a Update the ldap/change_password module 2025-05-28 10:19:30 -04:00
Diego Ledda ce6e0d1164 Merge pull request #20096 from h00die-gr3y/CVE-2025-30406 
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
 2025-05-28 13:46:13 +02:00
Chocapikk 2e158d2d1a Fix User-Agent issue 2025-05-22 23:47:20 +02:00
mariomontecatine e7a2809ca0 Adding documentation for modules/auxiliary/scanner/http/copy_of_file.rb 2025-05-21 14:48:10 -04:00
Mario 272546658e Merge branch 'rapid7:master' into master 2025-05-21 19:48:46 +02:00
Chocapikk 38b7cfd753 Refactor 2025-05-21 19:46:47 +02:00
jheysel-r7 ca40f6ecbc Merge pull request #20214 from Chocapikk/invision_customcss_rce 
Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916)
 2025-05-21 09:29:14 -07:00
Chocapikk 2820a0418f Update code to use Wordpress::SQLi mixin ^^ 2025-05-21 18:27:02 +02:00
jheysel-r7 0600de2d90 Merge pull request #20177 from msutovsky-r7/clinic_management_system_sqli2rce 
Clinic Patient's Management System SQLi (CVE-2025-3096)
 2025-05-21 08:42:16 -07:00
Martin Sutovsky 282d0f7820 Refactor docs 2025-05-21 16:48:54 +02:00
Valentin Lobstein e5bbc01e78 Update invision_customcss_rce.md 2025-05-21 08:38:36 +02:00
Chocapikk 28b7c7f786 Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916) 2025-05-20 18:33:06 +02:00
Chocapikk 70d5fb4b65 Move from scanner to gather 2025-05-19 17:52:00 +02:00
msutovsky-r7 561eef98c1 Land #20188, adds module for CVE-2024-7399 Samsung MagicINFO 9 Server 
Samsung MagicINFO 9 Server RCE (CVE-2024-7399) Module
 2025-05-19 09:49:09 +02:00
Martin Sutovsky 070bd54d33 Addressing comments 2025-05-19 07:17:14 +02:00
mariomontecatine 8cde1bab78 Documentation for ipv6_multicast_ping.md 2025-05-18 04:31:03 -04:00
Spencer McIntyre 57c69049f7 Merge pull request #20175 from smashery/ruby-kerberoasting 
Ruby kerberoasting
 2025-05-16 10:28:52 -04:00