560327deba
Land #14616 , fix typo in autoroute.md
2021-01-15 15:43:50 -06:00
c8819259ae
Land #14414 , CVE-2020-1337 - patch bypass for CVE-2020-1048
2021-01-15 19:13:14 +01:00
e2e3cc12b0
Update autoroute.md
2021-01-15 16:22:33 +08:00
d8e68e6487
Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module
2021-01-12 11:45:53 -06:00
33bd712e0a
Land #14585 , Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP
2021-01-11 17:16:40 -05:00
50e115b414
Cleanup and edits per review from Christophe
...
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
2021-01-11 16:02:58 -06:00
7aef731267
Land #14572 , add AIT CSV import rce
2021-01-11 15:37:05 -06:00
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
3072391d00
Make second round of review edits to fix Spencer's comments
2021-01-08 12:50:52 -06:00
2886ee0448
Land #14582 , Support command actions for post modules and consolidate VSS modules
2021-01-08 16:54:04 +01:00
3e52debd8b
Update the exploit a bit more to remove excess options and also update the documentation accordingly.
2021-01-06 12:16:06 -06:00
17c393f101
Land #14046 , Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
863417fca7
Second round of updates and some rubocop changes to conform to standards.
2021-01-06 01:30:40 -06:00
81ee149ea2
Add check code support to module and update the documentation accordingly, plus rework the module description
2021-01-06 01:06:08 -06:00
7cab5568ab
Land #14568 , add total upkeep backup download
2021-01-05 14:01:04 -06:00
54f5e565fa
Land #14330 , SpamTitan Gateway Remote Code Execution
...
Merge branch 'land-14330' into upstream-master
2021-01-04 12:14:12 -06:00
2f58d246e7
Add documentation for the new VSS module
2021-01-04 12:25:41 -05:00
d8c55501a5
ait csv improter exploit
2021-01-01 12:14:52 -05:00
c64d0038ab
review step 1
2020-12-31 12:54:33 -05:00
ff3dd7b73a
first go of wp_total_upkeep
2020-12-30 16:34:12 -05:00
8701a2e6e8
Remove the deprecated SOCKS modules in favor of the new unified one
2020-12-29 13:33:06 -05:00
7de662c807
Land #14521 , Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
d2ca5d331d
Add documentation
2020-12-22 14:14:20 -06:00
4a449f97d3
Land #14522 , Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
2c66beac17
Land #14429 , Create shodan_host.rb, a module to grab ports from a given IP using Shodan
2020-12-21 15:58:17 -06:00
12277d3020
Apply RuboCop changes to the exploit module and also make final adjustments to the exploit code to handle some edge cases and fix review comments
2020-12-21 15:26:48 -06:00
39110d04f0
Add note about needing an Oracle account
2020-12-18 21:20:29 -06:00
4d85602fae
Fix incorrect scenario header in module doc
...
I retested in VirtualBox and updated the output but not the header.
2020-12-18 21:15:05 -06:00
57c57a398d
Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable.
2020-12-19 02:51:48 +01:00
11faafa4e9
Land #14474 , Wordpress 2-day: easy-wp-smtp arbitrary wordpress user password reset
2020-12-18 17:07:46 -05:00
764efbeac3
Fixup a typo, an unnecessary statement and clarify a statement
2020-12-18 17:07:16 -05:00
3cb39c2fca
Land #14497 , wordpress uplicator plugin arbitrary file read
2020-12-18 17:05:40 -05:00
dc6b67f4c6
Land #14509 , Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
9e6d20a83c
create aggressive mode and some review
2020-12-18 15:30:45 -05:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
a1702e8b53
rubocop and minor adjustments
2020-12-17 06:39:43 -05:00
87dacce2cd
Land #14446 , Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871)
2020-12-16 16:01:32 -05:00
c586bde50d
Update documentation to add SNMPPORT option description
2020-12-16 15:20:10 +01:00
60bcc95edc
Fix documentation
2020-12-16 15:15:27 +01:00
298deae709
Add documentation
2020-12-16 15:15:27 +01:00
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
fc96ae0583
Create shodan_host.md
2020-12-15 10:30:58 +08:00
a30cdfc892
Fix #14254 , Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE
2020-12-14 14:54:54 +00:00
98d6364248
Land #14482 , Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-14 15:10:09 +01:00
910463b492
Update wp_duplicator_file_read.md
2020-12-13 21:13:33 -05:00
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
Shelby Pace