 Brent Cook
|
1ee8734717
|
Land #10570, AKA Metadata Refactor
|
2018-09-17 20:31:07 -07:00 |
|
|
William Vu
|
2ee6a49a27
|
Land #10649, https://seclists.org references
|
2018-09-17 15:09:39 -07:00 |
|
|
Wei Chen
|
3e801c22fb
|
Land #10546, Add Apache Struts exploit: CVE-2018-11776
|
2018-09-07 12:56:02 -07:00 |
|
|
William Vu
|
4360b9e82e
|
Land #10566, struts2_rest_xstream normalize_uri
|
2018-08-30 14:00:53 -07:00 |
|
|
William Vu
|
add03ca7f8
|
Land #10543, struts2_rest_xstream targeting fixes
|
2018-08-28 16:55:02 -07:00 |
|
|
William Vu
|
98ee549705
|
Land #10538, PSH target for struts2_rest_xstream
|
2018-08-28 16:55:01 -07:00 |
|
|
Brent Cook
|
f22e6ec2bf
|
Land #10527, Fix msftdiy EDB link check, enable HTTPS
|
2018-08-27 08:53:05 -07:00 |
|
|
Jacob Robles
|
376a343472
|
Land #10487, add php5 session file target
|
2018-08-27 08:49:42 -07:00 |
|
|
Adam Cammack
|
43f1f8eeb2
|
Land #10405, Cleanup dropped files for CMSMS
|
2018-08-01 12:46:44 -07:00 |
|
|
Jacob Robles
|
7e180a390c
|
Land #10060, vTiger CRM v6.3.0 Upload RCE
|
2018-07-30 10:34:17 -07:00 |
|
|
Wei Chen
|
3a67d89711
|
Land #10383, Add WP Responsive Thumbnail Slider Plugin Exploit Module
|
2018-07-26 21:56:35 -07:00 |
|
|
Wei Chen
|
e075836ad5
|
Land #10346, update check method and doc for CMS Made Simple
|
2018-07-20 15:49:07 -07:00 |
|
|
Wei Chen
|
fdc24fe453
|
Land #10327, Add CMS Made Simple Upload/Rename Authenticated RCE
|
2018-07-19 10:20:10 -07:00 |
|
|
William Vu
|
dbd03f9914
|
Land #10278, gitlist_arg_injection fixes
|
2018-07-12 17:05:33 -07:00 |
|
|
Wei Chen
|
465dceb182
|
Land #10299, Add 88 CVEs to various auxiliary and exploit modules
|
2018-07-12 16:28:05 -07:00 |
|
|
Shelby Pace
|
8586e6fc8f
|
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
|
2018-07-12 11:24:03 -05:00 |
|
|
Shelby Pace
|
45f354e55d
|
Land #10231, Monstra Fileupload Exec
|
2018-07-12 11:24:02 -05:00 |
|
|
Jacob Robles
|
d480ee8e20
|
Land #10275, Update missing CVE references for exploit modules
|
2018-07-12 11:24:01 -05:00 |
|
|
Wei Chen
|
e915bb0f66
|
Land #10262, Add GitList argument injection exploit module
|
2018-07-06 12:30:10 -07:00 |
|
|
William Vu
|
d4dfb98fb9
|
Land #10207, msftidy fixes
|
2018-06-26 12:40:50 -07:00 |
|
|
Jacob Robles
|
95cb9f3654
|
Land #9825, Add 'phpMyAdmin Authenticated Remote Code Execution'
|
2018-06-18 06:55:53 -07:00 |
|
|
William Vu
|
012de0f6b1
|
Land #10038, struts_code_exec_parameters EXE fix
|
2018-05-17 08:16:33 -07:00 |
|
|
William Vu
|
cbac801b88
|
Land #8727, CVE-2017-9791 exploit
|
2018-05-17 08:16:33 -07:00 |
|
|
Jacob Robles
|
b2b97db28b
|
Land #9878, Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE
|
2018-05-09 17:48:53 -07:00 |
|
|
Jacob Robles
|
dcbc871883
|
Land #9988, playsms_uploadcsv_exec
|
2018-05-07 09:35:08 -07:00 |
|
|
Jacob Robles
|
75196b4fc6
|
Land #9944, playsms_filename_exec.rb
|
2018-05-07 09:35:08 -07:00 |
|
|
Jacob Robles
|
8739befa70
|
Land #9821, osCommerce 2.3.4.1 - Remote Code Execution
|
2018-05-03 09:21:02 -07:00 |
|
|
Chris Higgins
|
ded6a50883
|
Land #8539, ProcessMaker Plugin Upload exploit
|
2018-04-04 19:06:18 -07:00 |
|
|
William Vu
|
b870091380
|
Land #9423, PSH for jenkins_xstream_deserialize
|
2018-03-27 14:21:47 -05:00 |
|
|
h00die
|
c56e571b18
|
Land #9702 exploit for clipbucket
|
2018-03-27 13:55:43 -05:00 |
|
|
Aaron Soto
|
395320ba97
|
Land #9379, Oracle Weblogic RCE exploit and documentation
|
2018-01-26 18:08:56 -06:00 |
|
|
William Vu
|
366a20a4a4
|
Fix #9215, minor style nitpick
|
2018-01-03 23:11:51 -06:00 |
|
|
William Vu
|
a1d43c8f33
|
Land #9215, new Drupageddon vector
|
2018-01-03 14:45:32 -06:00 |
|
|
William Vu
|
e9b9c80841
|
Fix #9307, credit to @r0610205
|
2017-12-18 03:55:01 -06:00 |
|
|
William Vu
|
76823e9fe6
|
Land #9183, Jenkins Groovy XStream RCE
|
2017-12-18 03:38:27 -06:00 |
|
|
WhiteWinterWolf
|
bfd5c2d330
|
Keep the initial option name 'ADMIN_ROLE'
|
2017-11-22 22:03:56 +01:00 |
|
|
WhiteWinterWolf
|
2be3433bdb
|
Update references URLs
|
2017-11-17 13:27:35 +01:00 |
|
|
WhiteWinterWolf
|
a636380e4b
|
Merge the new method into drupal_drupageddon.rb
|
2017-11-17 13:00:15 +01:00 |
|
|
WhiteWinterWolf
|
704514a420
|
New exploit method for Drupageddon (CVE-2014-3704)
This new script exploits the same vulnerability as
*exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
|
2017-11-16 20:47:44 +01:00 |
|
|
Adam Cammack
|
4219959c6d
|
Bump ranking to Excellent
|
2017-11-15 15:00:47 -06:00 |
|
|
Steven Patterson
|
df2b62dc27
|
Add Mako Server CMD injection Linux support, update docs, move to multi
|
2017-11-10 16:28:39 -05:00 |
|
|
attackdebris
|
500bde1150
|
get_vars tweak
|
2017-11-09 04:16:34 -05:00 |
|
|
attackdebris
|
a04bc0a25b
|
Add get_vars, remove a https instance
|
2017-11-08 16:30:59 -05:00 |
|
|
attackdebris
|
7173e7f4b4
|
Add CVE to module description
|
2017-11-07 11:05:14 -05:00 |
|
|
attackdebris
|
371f3c333a
|
This commit adds the jenkins_xstream_deserialize module
|
2017-11-07 09:46:42 -05:00 |
|
|
Jeffrey Martin
|
cfaa34d2a4
|
more style cleanup for tomcat_jsp_upload_bypass
|
2017-10-11 15:53:35 -05:00 |
|
|
Jeffrey Martin
|
9885dc07f7
|
updates for style
|
2017-10-11 15:29:47 -05:00 |
|
|
root
|
03e7797d6c
|
fixed msftidy errors and added documentation
|
2017-10-11 07:57:01 -04:00 |
|
|
peewpw
|
facc38cde1
|
set timeout for DELETE request
|
2017-10-09 21:53:31 -04:00 |
|
|
peewpw
|
be8680ba3d
|
Create tomcat_jsp_upload_bypass.rb
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
|
2017-10-08 21:48:47 -04:00 |
|