e0f13e44d1
Land #14699 , Add Nagios XI snmptrap RCE and docs (CVE-2020-5792)
2021-04-20 14:30:45 -05:00
13d3e4ae89
Add in CentOS 7 with NagiosXI 5.6.5 scenario
2021-04-20 14:12:56 -05:00
f241a050b8
Apply review comments and fixes to documentation and the module
2021-04-20 12:38:34 -05:00
4ac9304ca2
Land #14968 - Add Nagios XI Mibs.php Authenticated RCE module and docs (CVE-2020-5791)
2021-04-16 14:37:15 -05:00
496e074ec8
Add in fixes to documentation and module from review
2021-04-16 13:14:17 -05:00
9e6f425427
Move exploit/linux/http/citrix_dir_traversal_rce
...
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
2021-04-15 19:13:25 -05:00
832ca92f42
Land #14700 , Add Nagios XI Plugins Filename Authenticate RCE module and docs (CVE-2020-35578)
2021-04-14 16:58:55 -05:00
61395f3cb1
Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle.
2021-04-14 16:32:53 -05:00
154e237edd
Add in fixes to documentation and module that were covered in the review process
2021-04-14 15:33:42 -05:00
a59e7e196d
Land #14701 , Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin
2021-04-13 18:58:29 -05:00
9379f0356b
Add in 5.6.5 exploitation scenario to documentation
2021-04-13 17:42:47 -05:00
0aada27128
Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible.
2021-04-13 17:15:34 -05:00
cdd589f592
Update documentation to wrap some overly long lines to meet msftidy_docs.rb requirements.
2021-04-13 16:36:38 -05:00
ead9d73dc5
Add in fixes from review to documentation and module
2021-04-13 16:34:13 -05:00
258b9d3e28
Land #14998 , Change CVE references from CVE Details to NVD
2021-04-07 10:10:55 +01:00
4020813b42
Correct broken or redundant CVE references
2021-04-05 13:06:50 -05:00
cfc6b0a8ba
Land #14971 , add Apache OFBiz SOAP Deser rce
2021-04-05 11:44:40 -05:00
a803e1e932
remove spare comma
2021-04-05 09:33:20 -05:00
34a5f7906c
Rebase so we can use the latest mixin code,update the version range, update docs
2021-04-01 13:29:44 -04:00
faab100d9a
Add Nagios XI Mibs.php Authenticated RCE module and docs
2021-04-01 13:06:33 -04:00
f76f58eb51
Rebase, use latest mixin code in check, update version and docs
2021-04-01 12:43:44 -04:00
dd5c747584
Add Nagios XI snmptrap RCE and docs
2021-04-01 12:26:06 -04:00
02b9e5c939
rebase, use latest mixin code, correct vulnerable versions, update docs
2021-04-01 12:18:46 -04:00
3b7e612541
Add Nagios XI Plugins Filename Authenticate RCE module and docs
2021-04-01 11:23:52 -04:00
2df90d8d23
Rebase, rename module to nagios_xi_plugins_check_plugin_authenticated_rce, update check to take advantage of mixin, minor improvements
2021-04-01 11:07:49 -04:00
2cbd1a6be9
Land #14935 , add F5 iControl REST API SSRF RCE
2021-04-01 08:40:38 -05:00
0e7c11ada3
Rename module and modify it to use the Nagios XI mixin, add autocheck, fix syntax and linting, also update docs
2021-04-01 09:26:16 -04:00
9eacda5552
add wait time line to test output
2021-03-31 14:47:34 -05:00
69a0c9420b
Add module doc
2021-03-31 14:02:32 -05:00
9806026ab9
Update from code review
2021-03-31 17:48:35 +02:00
a0a4bc079a
Add the exploit module for CVE-2021-26295
2021-03-30 18:18:16 -04:00
00698d20bf
Add waiting status message and update doc
2021-03-26 14:59:27 +01:00
b069fec866
Add module and doc for Saltstack Salt API wheel_async RCE
2021-03-26 13:54:06 +01:00
fb7a97077f
Land #14875,CVE-2021-21978 - VMWare View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
...
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
b1c3c49eb5
Land #14757 , nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
...
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
4f2e299d8f
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
2021-03-14 00:00:06 -06:00
c2c5db95d8
Add in documentation and fix some mistakes in the description of the module
2021-03-14 00:00:05 -06:00
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
bdc2041c83
Add Klog Server authenticate.php user Unauthenticated Command Injection
2021-02-12 17:07:52 +00:00
00cbc33ebb
Add module doc
2021-01-22 01:06:14 -06:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
f73a88a39c
Land #14396 , hadoop_unauth_exec clarification
2020-11-16 12:44:13 -06:00
0feff932f2
Change docs to reflect the truth of the "vuln"
2020-11-16 11:38:00 -06:00
fcb507e412
Fix AutoCheck
...
I'm a big dummy.
2020-11-11 15:57:38 -06:00
04bcbd0253
Update module doc
2020-11-11 15:57:29 -06:00
42bdae919b
Add SaltStack Salt REST API RCE (CVE-2020-16846)
...
Leveraging CVE-2020-25592.
2020-11-11 13:09:26 -06:00
da70b74954
fix version numbers
2020-11-08 22:38:53 -05:00
Grant Willcox