adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70,470 Commits 27 Branches 1,043 Tags
2fcd97f5efac397ea025b33a2d26d306d3f9dcab
Commit Graph

5664 Commits

Author SHA1 Message Date
space-r7 3b53966caa add installation steps 2023-06-06 12:14:14 -05:00
space-r7 5f7ae883f8 add documentation 2023-06-05 17:38:58 -05:00
Spencer McIntyre 9e38ed4459 Land #17929, Linux sudoedit LPE (CVE-2023-22809) 
Linux sudoedit priv esc (CVE-2023-22809)
 2023-05-23 09:30:18 -04:00
space-r7 60f6574bf3 Land #17965, add module for AD CS cert management 2023-05-22 09:50:53 -05:00
Spencer McIntyre 0a3247f1a7 Add documentation 2023-05-22 10:29:03 -04:00
space-r7 6c88e85d02 Land #17993, add invscout RPM privesc 2023-05-17 18:56:42 -05:00
bcoles 0bc1fdf51d Add invscout RPM Privilege Escalation 2023-05-17 20:17:55 +10:00
Grant Willcox 459cf871cb Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128 2023-05-16 09:19:33 -05:00
Grant Willcox ea988f0c78 Add more documentation on how to set the target up based on my own experience and so that we have a backup in case the link to external documentation breaks 2023-05-12 14:27:39 -05:00
Grant Willcox cf5f90ac4f Minor updates to documentation to tidy things up a bit 2023-05-11 16:48:16 -05:00
space-r7 722de33b6f address feedback, use cleanup to restore path 
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
 2023-05-11 13:20:25 -05:00
Grant Willcox 020ee7ca5c Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939 2023-05-11 09:28:55 -05:00
Grant Willcox 9f6a1c18a1 Minor updates to fix URLs, disclosure date, description, and minor gramatical things 2023-05-10 18:22:00 -05:00
Grant Willcox 9f0a6503b7 require.js is not the only way, account for this new discovery in code 2023-05-10 13:02:02 -05:00
Grant Willcox 5d4e68d36c Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't 2023-05-10 10:36:29 -05:00
Grant Willcox 1b8f1de7c8 Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters. 2023-05-10 10:16:08 -05:00
Christophe De La Fuente a485a786ef Land #17881, Zyxel chained RCE using LFI and weak password derivation algorithm 2023-05-10 11:49:51 +02:00
Jack Heysel 07056a74bc Pentaho Business Server Auth Bypass and SSTI 2023-05-09 14:24:51 -05:00
space-r7 d60843f0eb name versions that are vulnerable 2023-05-09 09:16:42 -05:00
space-r7 08a79a2f4e add documentation 2023-05-08 17:42:23 -05:00
Grant Willcox f773d348e1 Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022 2023-05-08 12:11:01 -05:00
Grant Willcox c221edb1ec Add in ADAudit Plus build 6077 testing examples 2023-05-08 11:45:44 -05:00
h00die-gr3y 51ab9746fb Updates based on cdelafuente-r7 comments 2023-05-06 19:05:21 +00:00
h00die e692e927dc review fixes 2023-05-05 16:43:47 -04:00
Grant Willcox 19651633c4 Update the installation instructions to resolve some issues encountered during testing 2023-05-04 18:26:54 -05:00
Grant Willcox f27fc28411 Perform review updates 2023-05-04 15:12:31 -05:00
ErikWynter aede036b02 additional changes from code review 2023-05-04 15:12:30 -05:00
Grant Willcox 0fd743d851 Add in fixes from code review 2023-05-04 15:12:29 -05:00
Grant Willcox d5032f0a5d Minor touchups on documentation for review 2023-05-04 15:12:28 -05:00
ErikWynter 32796b429b add note about payload limitations for builds 7004 and 7005 2023-05-04 15:12:27 -05:00
Grant Willcox 3b0d8b850b Fix up some issues identified during review 2023-05-04 15:12:26 -05:00
ErikWynter 9f68a5f8d1 add manageengine_adaudit_plus_authenticated_rce exploit module and docs 2023-05-04 15:12:09 -05:00
Grant Willcox bf61718fe6 Land #17915, Icinga Web 2 Arbitrary File Read (CVE-2022-24716) 2023-05-03 11:47:26 -05:00
Grant Willcox 818bd4837e Add in additional information about testing on Docker 2023-05-03 10:17:16 -05:00
h00die 95562e04aa sudoedit work 2023-05-02 18:39:59 -04:00
Grant Willcox 092e4f93ad Fix up incorrect user who we are executing as 2023-05-02 15:50:46 -05:00
Grant Willcox cf6b309904 Add in quick fixes from review 2023-05-02 15:17:02 -05:00
adfoster-r7 7ec7a4c607 Land #17910, Fixes couchdb_login false positives 2023-05-02 17:56:55 +01:00
Christophe De La Fuente 60149259a2 Land #17856, RCE exploit for CVE-2023-26359 (Adobe ColdFusion) and an auxiliary module for arbitrary file read via the same vuln. 2023-04-28 19:27:15 +02:00
h00die d454b2e195 cve-2023-22809 2023-04-25 20:54:48 -04:00
bcoles 5a57ea131e resolve_sid: Add docs and resolve RuboCop violations 2023-04-23 17:39:32 +10:00
h00die 076760e011 cve-2022-24716 2023-04-21 16:31:07 -04:00
h00die d6c2e4f528 cve-2022-24716 2023-04-21 16:27:52 -04:00
space-r7 365b7c099c Land #17895, add Joomla api scanner 2023-04-21 09:50:24 -05:00
h00die-gr3y c39751094a Updates based on review comments 2023-04-21 11:46:53 +00:00
cgranleese-r7 eb4107b5e2 Fixes couchdb login bug 2023-04-21 10:14:22 +01:00
h00die 17f674e3fa review comments 2023-04-20 16:23:52 -04:00
h00die-gr3y 4131f1abf1 Fixed some bugs in module and added documentation 2023-04-20 08:23:55 +00:00
bwatters 9c9eac28a7 Land #17874, VMware Workspace One Access mr_me Hekate LPE 
Merge branch 'land-17874' into upstream-master
 2023-04-18 19:29:39 -05:00
bwatters 6ae00877ed Land #17854, VMware Workspace One Access mr_me Hekate RCE 
Merge branch 'land-17854' into upstream-master
 2023-04-18 09:49:41 -05:00