0f6e2a62b5
Fix numbering
2024-07-24 19:27:11 +09:00
86ae938b1f
Add #
2024-07-24 18:55:52 +09:00
b023ebfb7d
Add space at EOL
2024-07-24 18:51:23 +09:00
dc60fe8025
Update skywalker.md
2024-07-24 18:49:09 +09:00
a18ce36459
Update empire_skywalker.md
2024-07-21 09:36:45 +09:00
48ea314138
Update empire_skywalker.md
2024-07-20 14:44:15 +09:00
ec45763f05
Add empire_skywalker module documentation
2024-07-20 14:10:00 +09:00
636c72965c
Land #19084 , Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
9b7b1fd16e
Land #19313 , Ghostscript Command Execution via Format String (CVE-2024-29510)
...
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
e9c511c979
Add documentation and some updates
2024-07-16 16:34:28 +02:00
f7449ea850
Land #19311 , Add GeoServer unauth RCE module
...
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
292c177b74
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-07-12 19:20:46 +02:00
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
92f6445856
added documentation
2024-07-11 21:24:50 +00:00
7746c8877e
Add sysinfo Meterpreter output and target OS version numbers
2024-07-09 16:31:01 -05:00
06da60cade
Adding atlassian_confluence_rce_cve_2024_21683 documentation
...
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
2024-07-09 14:05:43 -05:00
aabd9febb2
Land #19274 , Ivanti EPM SQLi to RCE
...
This adds an exploit for CVE-2024-29824, an unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior
2024-07-08 12:52:34 -07:00
df8f281d18
Land #19204 , Zyxel VPN Series Pre-auth Command Injection
2024-07-03 20:14:39 +02:00
9cfaa2e69f
Lowered rank and explained mock testing
2024-06-24 09:13:46 -07:00
24fa34e7b9
Land #19188 , Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
ecb628eaab
Add module and documentation
2024-06-20 15:30:54 +02:00
dc70aa0896
Land #19247 , PHP CGI Arg injection RCE
...
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
e14dd93d6f
Rebased encoder fix, removed PS paylaod dependency
2024-06-14 16:59:55 -07:00
ade11a5a4b
Added default options fixed Verification Steps
2024-06-14 16:41:12 -07:00
1dfd5da51e
Apache OFBiz Dir Traversal RCE
2024-06-14 16:41:12 -07:00
178bb3e085
Land #19229 , Junos OS PHPRC module enhancement
...
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesnt exist. Also it adds datastore options to
change the hash format to be compatible with older version as well an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
2024-06-14 11:35:15 -07:00
1bb95acd12
Updated documentation
2024-06-14 11:02:31 -07:00
d7531ef74c
fix typo in documentation
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-06-13 15:09:56 +01:00
b9b638dd83
Land #19196 , Cacti import package RCE
...
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
45815a4cb5
Code review
2024-06-12 19:47:02 +02:00
18fe758416
Finish up and document the deserialization RCE
2024-06-12 08:58:37 -04:00
f2027784cf
Land #19240 , Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692)
...
Merge branch 'land-19240' into upstream-master
2024-06-11 12:22:29 -05:00
2d63038196
Update documentation/modules/exploit/windows/http/rejetto_hfs_rce_cve_2024_23692.md
...
fix a typo in the documentation.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-06-11 16:23:56 +01:00
9bbb82ab55
Land #18998 , VSCode exploit for ipynb integration
...
VSCode allows users open a Jypiter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jypiter notebook to embed HTML and
javascript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
2024-06-10 14:36:57 -07:00
bf9b3f1d2a
add documentation
2024-06-10 17:41:55 +01:00
12b1936e16
Fixed typo added Options section docs
2024-06-10 07:39:24 -07:00
55fa94995b
Updated check method
2024-06-06 22:23:35 +00:00
c8208704be
add in exploit module for CVE-2024-23692
2024-06-06 18:04:14 +01:00
120fa0f2fe
Land #19208 , Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-06-05 10:17:02 +02:00
67ec4baa66
PR-19208: Add DefaultTarget to the info hash
2024-06-05 10:14:48 +02:00
d7966104f2
touchup docs
2024-06-04 19:40:39 -04:00
6b127249fa
Add suggestions
2024-05-31 20:56:03 +02:00
80ee458410
Land #19151 , Add Flowmon Priv Esc Feature Module
...
Privilege escalation module for Progress Flowmon unpatched feature
2024-05-29 11:35:53 -04:00
72f332aba0
Land #19150 , Add Flowmon Command Injection Module
...
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
2024-05-29 08:28:37 -04:00
d60524d0b3
Started docs file
2024-05-28 15:54:47 -04:00
4fdf6df1e7
Fix doc
2024-05-28 20:16:33 +02:00
bea708d24c
Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-05-28 18:27:02 +02:00
2c6fc11639
Responded to comments, clean up /etc/sudoers file
2024-05-23 16:56:35 -04:00
a0597007e4
Minor fixes, respond to comments
2024-05-23 14:02:28 -04:00
Takah1ro