Ismail Dawoodjee
4137d2df21
Merge branch 'rapid7:master' into apache_airflow_dag_rce
2023-08-17 10:19:13 +06:30
Jack Heysel
8717e66b14
Land #18280, Add Maltrail Unauth RCE Module
This PR adds a module for an unauthenticated RCE vulnerability
in Maltrail, a malicious traffic detection system. This vuln
does not have a CVE associated with it.
2023-08-16 17:29:05 -04:00
Ege Balcı
a91f928d62
Update documentation/modules/exploit/unix/http/maltrail_rce.md
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-08-16 18:45:37 +00:00
Ismail Dawoodjee
a2a4489ce4
Merge branch 'rapid7:master' into apache_airflow_dag_rce
2023-08-16 13:50:13 +06:30
h00die
b5a21f66b5
add docs
2023-08-15 20:30:54 -04:00
Jack Heysel
900e418796
Land #18226, H2 Web Interface RCE
This PR adds a module to exploit an RCE feature in
the H2 database's Web Interface.
2023-08-15 16:23:09 -04:00
Spencer McIntyre
53bd5bfb0a
Fix a typo in the docs
2023-08-15 10:23:28 -04:00
Ismail Dawoodjee
bdaaef8d60
Merge branch 'rapid7:master' into apache_airflow_dag_rce
2023-08-15 12:24:06 +06:30
Jack Heysel
6cf136ec3a
Land #18263, Add RaspAP Unauth Command Injection
This PR adds an unauthenticated command injection
module for the RaspAP webgui application.
2023-08-14 23:25:23 -04:00
Jack Heysel
99e78a4c00
Update documentation file
2023-08-14 21:01:10 -04:00
RadioLogic
6ff0c956b3
Merge branch 'master' into useradd
2023-08-14 16:13:54 -04:00
bka-dev
a47ac264ae
corrected typo
2023-08-13 22:56:57 +02:00
bka-dev
b623684284
added module documentation
2023-08-13 22:35:14 +02:00
Ismail Dawoodjee
4953dad2fc
Update scenario code block to use "msf" instead of "rb" - 3rd scenario
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-08-12 09:29:29 +06:30
Ismail Dawoodjee
94521e2dc3
Update scenario code block to use "msf" instead of "rb" - 2nd scenario
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-08-12 09:29:08 +06:30
Ismail Dawoodjee
ac2d2588d9
Update scenario code block to use "msf" instead of "rb"
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-08-12 09:28:19 +06:30
RadioLogic
54fa11c822
Added new UseraddMethod argument
2023-08-11 17:58:57 -04:00
Ismail Dawoodjee
54b0abb318
Apache Airflow 1.10.10 - Example DAG Remote Code Execution (CVE-2020-11978 + CVE-2020-13927)
2023-08-11 21:43:16 +06:30
cudalac
904e8ba89f
roundcube arbitrary file read
2023-08-10 22:45:01 -04:00
Ege Balcı
4b7d98df07
Add Maltrail Unauthenticated RCE exploit
2023-08-10 23:02:20 +02:00
Ege Balcı
da9200819d
Update scenarios for new targets
2023-08-10 00:55:52 +02:00
cgranleese-r7
214c788ce7
Land #18232, metabase setup token rce (cve-2023-38646)
2023-08-09 09:44:53 +01:00
wvu
3be876b9dc
Update pam_username_bof.md
2023-08-09 00:24:53 -05:00
h00die
bba8681be4
update doc
2023-08-08 17:44:35 -04:00
h00die
7b024f21bd
apache nifi h2 rce
2023-08-08 17:44:35 -04:00
h00die
9516592eb6
metabase setup token rce
2023-08-08 17:16:56 -04:00
h00die
ec5317a789
h2 doc addition
2023-08-08 17:15:22 -04:00
h00die
97daf47269
h2 web interface shell
2023-08-08 17:15:22 -04:00
Ege Balcı
d1f9f540c6
Add VMware vRealize Log Insight RCE exploit
2023-08-08 20:32:38 +02:00
Ege Balcı
41f0c30855
Add RaspAP Unauthenticated Command Injection (CVE-2022-39986) Exploit
2023-08-04 21:22:07 +02:00
Jack Heysel
bcfc892195
General code clean up
2023-08-04 14:27:14 -04:00
bwatters
e8456a6625
Add documentation and fix null filename catch
2023-08-03 18:30:20 -05:00
Christophe De La Fuente
4a7836055e
Land #18211, Subrion CMS v4.2.1 RCE
2023-08-03 19:03:44 +02:00
Christophe De La Fuente
00006fffae
Land #18240, Citrix RCE - CVE-2023-3519
2023-08-03 18:55:48 +02:00
Spencer McIntyre
67e1c57b7c
Fix some buffer encoding issues
2023-08-03 12:47:14 -04:00
Ismail Dawoodjee
31da1f890d
Merge branch 'rapid7:master' into subrion_cms_file_upload_rce
2023-08-03 18:29:21 +06:30
cgranleese-r7
49c5b1df64
Land #18203, Fix libssh_auth_bypass crash on newer versions of Ruby
2023-08-03 12:51:36 +01:00
Jack Heysel
29c2361a9c
Module clean up, docs, metadata, rubocop
2023-08-02 18:53:20 -04:00
Ege Balcı
329920eeb2
Add Netgear NMS RCE (CVE-2023-38096/8) exploit
2023-08-02 18:03:57 +02:00
ismaildawoodjee
19dcc2d674
Move module and documentation from linux/http to multi/http
2023-08-02 10:10:27 -04:00
h00die
042136cf57
python flask signer module and docs
2023-08-01 18:27:25 -04:00
Spencer McIntyre
692c625752
Add module docs
2023-08-01 12:28:13 -04:00
JustAnda7
79d3cc81cb
changes-to-support-nmap-script
2023-08-01 07:50:01 -04:00
Ismail Dawoodjee
11fb61c3b6
Merge branch 'rapid7:master' into subrion_cms_file_upload_rce
2023-08-01 14:24:37 +03:00
adfoster-r7
b979217227
Land #18239, Add version numbers to apache nifi rce module
2023-07-31 22:28:52 +01:00
h00die
b2869a5550
version numbers for apache nifi rce
2023-07-31 17:16:26 -04:00
h00die
5d9a65eeb0
version numbers for apache nifi rce
2023-07-31 16:14:57 -04:00
Christophe De La Fuente
a7402fb5f1
Land #18205, Add rudder-server SQLI RCE (CVE-2023-30625) exploit
2023-07-31 15:15:07 +02:00
ismaildawoodjee
154387f99a
Add additional installation instructions and scenarios
2023-07-30 07:28:16 -04:00
h00die-gr3y
19ef0cc4f9
Added documentation and fixed a typo in the module description
2023-07-28 21:30:24 +00:00