b7e4247d22
Avoid using CVE as option
2024-08-07 08:43:57 +09:00
b487dadf8c
Remove explicit return
2024-08-05 13:01:11 +09:00
ab38c83d9c
Update module document
2024-08-05 08:51:56 +09:00
93f1362d22
Add module document
2024-08-05 08:47:29 +09:00
48c69b99fb
Land #19344 , FortiClient EMS FCTID SQLi to RCE fix for 7.2.x
2024-07-31 09:43:19 -04:00
24c8a2bf5f
Land #19331 , Update empire_skywalker module
2024-07-31 12:27:06 +02:00
4f061c87fb
Update document
2024-07-31 15:43:03 +09:00
ba7c7b6456
Land #19298 , OpenMediaVault authenticated RCE [CVE-2013-3632]
2024-07-30 17:40:39 +02:00
598498832c
Merge branch 'rapid7:master' into master
2024-07-27 09:21:28 +09:00
14945679ba
Updated email generation part.
2024-07-25 23:54:27 -04:00
c8feb5c5e6
Updated formatting
2024-07-24 22:40:00 -04:00
c05aebe248
Formatting
2024-07-24 11:16:26 -07:00
e9cbb9287c
Add support for 7.2.x
2024-07-24 10:45:38 -07:00
0f6e2a62b5
Fix numbering
2024-07-24 19:27:11 +09:00
86ae938b1f
Add #
2024-07-24 18:55:52 +09:00
b023ebfb7d
Add space at EOL
2024-07-24 18:51:23 +09:00
dc60fe8025
Update skywalker.md
2024-07-24 18:49:09 +09:00
9bfaf6343a
Updated the module to take advantage of the check method
2024-07-23 23:48:32 -04:00
2bdba1a48d
Documentation for the MyPRO Command Injection (CVE-2023-28384) Module.
2024-07-22 16:46:37 -04:00
a18ce36459
Update empire_skywalker.md
2024-07-21 09:36:45 +09:00
b65c7ecb08
added support for all openmediavault versions (0.1 - 7.4.2-2)
2024-07-20 20:55:33 +00:00
48ea314138
Update empire_skywalker.md
2024-07-20 14:44:15 +09:00
ec45763f05
Add empire_skywalker module documentation
2024-07-20 14:10:00 +09:00
636c72965c
Land #19084 , Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
9b7b1fd16e
Land #19313 , Ghostscript Command Execution via Format String (CVE-2024-29510)
...
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
a9f8475bf5
moved module + doc to exploit/unix/webapp
2024-07-16 15:50:20 +00:00
e9c511c979
Add documentation and some updates
2024-07-16 16:34:28 +02:00
f7449ea850
Land #19311 , Add GeoServer unauth RCE module
...
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
292c177b74
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-07-12 19:20:46 +02:00
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
92f6445856
added documentation
2024-07-11 21:24:50 +00:00
198f3f8d9b
update based on review comments of jvoisin
2024-07-10 11:05:22 +00:00
7746c8877e
Add sysinfo Meterpreter output and target OS version numbers
2024-07-09 16:31:01 -05:00
06da60cade
Adding atlassian_confluence_rce_cve_2024_21683 documentation
...
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
2024-07-09 14:05:43 -05:00
aabd9febb2
Land #19274 , Ivanti EPM SQLi to RCE
...
This adds an exploit for CVE-2024-29824, an unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior
2024-07-08 12:52:34 -07:00
594de4681f
Second release module addressing cdelafuente-r7 comments and added documentation
2024-07-04 20:31:02 +00:00
df8f281d18
Land #19204 , Zyxel VPN Series Pre-auth Command Injection
2024-07-03 20:14:39 +02:00
9cfaa2e69f
Lowered rank and explained mock testing
2024-06-24 09:13:46 -07:00
24fa34e7b9
Land #19188 , Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
ecb628eaab
Add module and documentation
2024-06-20 15:30:54 +02:00
dc70aa0896
Land #19247 , PHP CGI Arg injection RCE
...
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
e14dd93d6f
Rebased encoder fix, removed PS paylaod dependency
2024-06-14 16:59:55 -07:00
ade11a5a4b
Added default options fixed Verification Steps
2024-06-14 16:41:12 -07:00
1dfd5da51e
Apache OFBiz Dir Traversal RCE
2024-06-14 16:41:12 -07:00
178bb3e085
Land #19229 , Junos OS PHPRC module enhancement
...
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesnt exist. Also it adds datastore options to
change the hash format to be compatible with older version as well an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
2024-06-14 11:35:15 -07:00
1bb95acd12
Updated documentation
2024-06-14 11:02:31 -07:00
d7531ef74c
fix typo in documentation
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-06-13 15:09:56 +01:00
b9b638dd83
Land #19196 , Cacti import package RCE
...
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
45815a4cb5
Code review
2024-06-12 19:47:02 +02:00
Takah1ro