3182cb4000
Land #18612 , Craft CMS unauthenticed RCE [CVE-2023-41892]
2023-12-22 10:59:39 +01:00
0a2dea523f
Add suggested changes
2023-12-22 00:04:54 +01:00
4c404765a4
Final update to the module based on cdelafuente-r7 comments
2023-12-21 12:06:21 +00:00
9c9af0dca1
Fix statement
2023-12-20 01:51:19 +01:00
22a05c8bf5
Add CVE-2023-50917
2023-12-20 00:43:00 +01:00
5d7cf90521
Some minor changes to the module and documentation
2023-12-18 08:23:16 +00:00
0641839e69
Added documentation and removed debug info
2023-12-17 13:10:18 +00:00
db099f8f4c
Third release of module
2023-12-16 16:06:05 +00:00
d00249f083
Second release with manual cleanup of php* files
2023-12-14 12:57:07 +00:00
e946d78993
Add opennms_horizon_authenticated_rce exploit
2023-12-13 18:03:56 +02:00
ff44932113
first draft release of module
2023-12-10 21:09:40 +00:00
1438a88eb5
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-28 08:10:56 +01:00
c60da4ad58
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:33:19 +01:00
d20a1703b1
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:32:57 +01:00
9b050e29ae
Add suggested changes
2023-11-22 00:53:12 +01:00
fff8d20eb8
Add suggested changes
2023-11-22 00:50:57 +01:00
2750deedee
Update
2023-11-21 18:28:28 +01:00
218f652429
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-21 17:08:55 +01:00
58425df0ef
Update vinchin_backup_recovery_cmd_inject exploit and documentation
2023-11-21 02:09:24 +01:00
d59d5e5524
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:07:04 +01:00
4e1ec6484a
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:51 +01:00
8eb1f61217
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:41 +01:00
223cb245ba
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:05 +01:00
13b19ba537
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:54 +01:00
00cc8dcc09
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:45 +01:00
42cdda7200
Vinchin
2023-11-16 18:10:42 +01:00
7482948ab7
Fix
2023-11-09 20:05:39 +01:00
c5cfc995c2
Add vinchin_backup_recovery_cmd_inject
2023-11-09 19:47:27 +01:00
1cde6198b5
Land #18481 , MagnusBilling unauthenticated RCE [CVE-2023-30258]
2023-11-03 20:42:27 +01:00
e5790f8d6e
Fix a stability issue with the module
...
Occassionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
2023-11-02 17:10:20 -04:00
27d86be456
Remove the REPEATABLE_SESSION tag
...
The module is generally reliable, but may fail after it's been run multiple
times.
2023-11-02 11:11:36 -04:00
cea4c1f326
Feedback from module review
2023-11-02 10:17:45 -04:00
d26742a266
Add check code annotations, update AJP link
2023-11-02 08:53:56 -04:00
9c67b92a4d
Rename the other TMUI RCE module
2023-11-01 16:55:42 -04:00
7b53592b4f
Add module docs
2023-11-01 16:55:41 -04:00
03252913a1
Add the check method
2023-11-01 16:55:41 -04:00
714eeaaa3a
Finish cleaning the exploit up
2023-11-01 16:55:36 -04:00
c803d6ef7e
Fetch the admin hash as a bonus
2023-10-31 15:27:31 -04:00
04388d9e25
Initial commit of CVE-2023-46747
2023-10-31 09:55:18 -04:00
ad6e4618df
third release module with minor text changes
2023-10-31 09:29:13 +00:00
bfff35eb63
second release module with php fix
2023-10-31 09:05:51 +00:00
50b7e0305e
first release module
2023-10-24 15:29:18 +00:00
05dd2e1473
Land #18351 , Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
45be501a50
Raise a more specific error message
...
Check for and raise a more specific error message when the internal
database fails to mount because the path is incorrect.
2023-10-10 15:21:35 -04:00
59da2865d9
Use an exec-in-place gadget for Python
...
This adds a Python deserialization gadget that will exec arbitrary
Python code in place. It is only compatible with Python 3.x due to
differences in Python's exec function and statement between 2 and 3.
2023-10-10 14:01:24 -04:00
931a67d290
kibana telemetry rce rewritten to use fetch payloads
2023-10-06 09:55:10 -04:00
a2a9becc73
convert cmd_stager to fetch payloads
2023-10-06 07:40:17 -04:00
5e0538a239
review comments round 1
2023-10-05 13:12:33 -04:00
88eb44be64
kibana telemetry rce
2023-10-02 16:53:20 -04:00
1e69086d24
Land #18365 , TOTOLINK X5000R Wireless GigaBit Router Unauthenticed RCE [CVE-2023-30013]
2023-09-21 11:27:19 +02:00
Christophe De La Fuente