adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,674 Commits 27 Branches 1,043 Tags
2c4eaff583a65ec9ad2f394bb87ca69cb1904d98
Commit Graph

1100 Commits

Author SHA1 Message Date
Maksim Rogov ed643c3bc6 Update roundcube_auth_rce_cve_2025_49113.md 2025-06-09 18:42:52 +03:00
Maksim Rogov d97b09a898 Rename roundcube_unauth_rce_cve_2025_49113.md to roundcube_auth_rce_cve_2025_49113.md 2025-06-07 16:46:30 +03:00
Maksim Rogov bd811a3cd1 Update roundcube_unauth_rce_cve_2025_49113.md 2025-06-07 04:45:54 +03:00
Vognik a4638ad632 Update Documentation 2025-06-07 05:35:18 +04:00
Vognik 96d7929972 Add Documentation for Roundcube CVE-2025-49113 unauthenticated RCE module 2025-06-07 05:28:45 +04:00
Brendan 19e8e6cdf8 Merge pull request #20187 from Chocapikk/wp_ottokit 
Add CVE-2025-27007 in existing `exploit(multi/http/wp_suretriggers_auth_bypass)` module
 2025-06-05 11:03:00 -05:00
remmons-r7 97f308386b Update documentation/modules/exploit/multi/http/ivanti_epmm_rce_cve_2025_4427_4428.md 
Update docs to reflect the new Python payload approach

Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-06-04 08:30:11 -05:00
remmons-r7 68929a50fa Add ivanti_epmm_rce_cve_2025_4427_4428.md 
Documentation for ivanti_epmm_rce_cve_2025_4427_4428.
 2025-05-28 17:35:34 -05:00
Chocapikk 2e158d2d1a Fix User-Agent issue 2025-05-22 23:47:20 +02:00
Chocapikk 38b7cfd753 Refactor 2025-05-21 19:46:47 +02:00
jheysel-r7 ca40f6ecbc Merge pull request #20214 from Chocapikk/invision_customcss_rce 
Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916)
 2025-05-21 09:29:14 -07:00
jheysel-r7 0600de2d90 Merge pull request #20177 from msutovsky-r7/clinic_management_system_sqli2rce 
Clinic Patient's Management System SQLi (CVE-2025-3096)
 2025-05-21 08:42:16 -07:00
Valentin Lobstein e5bbc01e78 Update invision_customcss_rce.md 2025-05-21 08:38:36 +02:00
Chocapikk 28b7c7f786 Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916) 2025-05-20 18:33:06 +02:00
Martin Sutovsky 070bd54d33 Addressing comments 2025-05-19 07:17:14 +02:00
Chocapikk 75a3fa7ad7 Add CVE-2025-27007 in existing exploit(multi/http/wp_suretriggers_auth_bypass) module 2025-05-14 19:29:03 +02:00
msutovsky-r7 fe5f56cac0 Land #20159, adds module for privilege escalation in Wordpress (CVE-2025-2563) 
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
 2025-05-14 15:33:30 +02:00
msutovsky-r7 7d8d0230cb Land #20026, adds module for CVE-2024-57487 
New Exploit Module & Documentation for CVE-2024-57487
 2025-05-14 08:00:20 +02:00
Chocapikk e335841bb0 Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563) 2025-05-13 21:42:09 +02:00
Martin Sutovsky 939d997b8a Adds documentation 2025-05-13 14:57:55 +02:00
Chocapikk 4d0c7bb71a Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102) 2025-05-07 17:45:30 +02:00
Martin Sutovsky f2e0fe79be Responding to comments 2025-04-30 17:53:26 +02:00
Martin Sutovsky b117843c00 Addressing comments 2025-04-25 20:17:46 +02:00
Martin Sutovsky 9d5c4a59e8 Adding documentation 2025-04-25 14:47:00 +02:00
Martin Sutovsky 665065e4df Module init 2025-04-25 14:35:24 +02:00
aaryan-11-x 0a3e3c3b6b Made all changes as requested 2025-04-14 23:40:25 +05:30
msutovsky-r7 140b93e802 Land #20022, Langflow RCE module 
Add Langflow unauth RCE module (CVE-2025-3248)
 2025-04-14 08:24:44 +02:00
Takah1ro c7fdcc8e91 Update the document 2025-04-12 10:21:13 +09:00
aaryan-11-x cd307984cb msftidy Fixes 2025-04-11 23:05:43 +05:30
aaryan-11-x 6fb4e2ef56 Added exploit module & documentation for CVE-2024-57488 2025-04-11 23:01:33 +05:30
Takah1ro f67dfe6a62 Update check 2025-04-11 21:51:45 +09:00
Takahiro Yokoyama 0c20606c8c Update documentation/modules/exploit/multi/http/langflow_unauth_rce_cve_2025_3248.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-11 20:44:03 +09:00
msutovsky-r7 0b4e133001 Land #20018, pgAdmin Authenticated RCE (CVE-2025-2945) 
pgAdmin Query Tool Authenticated RCE (CVE-2025-2945)
 2025-04-11 10:34:02 +02:00
Takah1ro 718a0bc5c7 Change directory from linux to multi 2025-04-11 14:45:10 +09:00
Jack Heysel 4cec129e1c Responded to comments 2025-04-10 10:53:05 -07:00
Jack Heysel ddb29d6181 Removed unnecessary method 2025-04-10 07:18:42 -07:00
Jack Heysel 290a35b0f6 pgAdmin Query Tool Authenticated RCE (CVE-2025-2945) 2025-04-09 17:32:10 -07:00
Brendan 4da78bd550 Merge pull request #19994 from sfewer-r7/CVE-2021-35587 
Adds exploit module for CVE-2021-35587, an unauthenticated deserialization vulnerability affecting Oracle Access Manager (OAM).
 2025-04-08 08:59:18 -05:00
Stephen Fewer 03f5291bcc Improve the documentation, fix typo in console commands, add comment to wait for DB container to complete setup (Thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:41:47 +01:00
Stephen Fewer 16e374750f Improve the documentation, add steps to create /opt/oracle/user_projects (thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:40:21 +01:00
jheysel-r7 d16eeab32c Merge pull request #19995 from chutton-r7/cve-2025-24813 
Module for CVE-2025-24813
 2025-04-02 14:20:52 -07:00
Jack Heysel b85faf9440 Update documentation 2025-04-02 14:10:46 -07:00
Jack Heysel 6816589378 Added FileDropper for cleanup 2025-04-02 13:37:39 -07:00
Jack Heysel fefb954827 Correct Tomcat version listed in Scenarios section 2025-04-02 13:02:26 -07:00
Jack Heysel 4058173a1c Correct spelling 2025-04-02 12:57:20 -07:00
sfewer-r7 b44540bc35 update docs to give some more detail on the testing setup 2025-04-02 20:51:39 +01:00
Jack Heysel 1e58d419f6 Updated docs, added Setup steps 2025-04-02 12:03:21 -07:00
sfewer-r7 dc74b37577 add in a scenario for the Unix Command target to the docs 2025-04-02 15:32:18 +01:00
chutton-r7 917aaeb027 Add module docs 2025-04-02 10:22:01 +01:00
sfewer-r7 c5d3512659 update docs 2025-04-01 13:05:28 +01:00