adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

4257 Commits

Author SHA1 Message Date
Chocapikk b8d2681335 Remove useless config suggestions 2025-04-26 23:53:59 +02:00
Chocapikk c4e621f3cf Add new exploit for CVE-2025-32432: Craft CMS Preauth RCE 2025-04-26 05:43:13 +02:00
Martin Sutovsky b117843c00 Addressing comments 2025-04-25 20:17:46 +02:00
Martin Sutovsky 9d5c4a59e8 Adding documentation 2025-04-25 14:47:00 +02:00
Martin Sutovsky 665065e4df Module init 2025-04-25 14:35:24 +02:00
RAMELLA Sebastien 740a8130d4 combine modules 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-25 10:35:16 +04:00
jheysel-r7 f5aafdcfdf Merge pull request #20046 from Takahiro-Yoko/bentoml_runner_server_rce_cve_2025_32375 
Add BentoML's runner server unauth RCE module (CVE-2025-32375)
 2025-04-22 12:32:08 -07:00
bcoles 1da0ebff66 exploit/solaris/sunrpc/sadmind_*: Cleanup and add documentation 2025-04-22 13:33:25 +10:00
RAMELLA Sebastien 0a428b8d03 add scanner capability + code review 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-20 18:02:52 +04:00
RAMELLA Sebastien 59ed219775 Added exploit module for CVE-2025-21293 (Erlang/OTP) 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-19 00:18:46 +04:00
Brendan 98702a6326 Merge pull request #20044 from jheysel-r7/cve_2025_21293 
Updated service_permissions with action to exploit CVE-2025-21293
 2025-04-17 13:24:46 -05:00
Takah1ro e1b5109c70 Add BentoML RCE module (CVE-2025-32375) 2025-04-17 20:46:43 +09:00
Jack Heysel 3ead0fdf42 Add check for is_uac_enabled? 2025-04-16 17:59:53 -07:00
Jack Heysel 9a95f60df6 Updated service_permissions with action to exploit CVE-2025-21293 2025-04-16 10:55:05 -07:00
Takah1ro edcc30699a Make user be able to specify a particular endpoint 2025-04-16 21:47:31 +09:00
Takahiro Yokoyama 8dc4beba7f Update documentation/modules/exploit/linux/http/bentoml_rce_cve_2025_27520.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-16 20:48:34 +09:00
Takah1ro a33a8d91fe Update the document 2025-04-16 12:52:15 +09:00
Takah1ro e51cd24383 Add BentoML RCE module (CVE-2025-27520) 2025-04-15 22:46:42 +09:00
aaryan-11-x 0a3e3c3b6b Made all changes as requested 2025-04-14 23:40:25 +05:30
msutovsky-r7 140b93e802 Land #20022, Langflow RCE module 
Add Langflow unauth RCE module (CVE-2025-3248)
 2025-04-14 08:24:44 +02:00
Takah1ro c7fdcc8e91 Update the document 2025-04-12 10:21:13 +09:00
aaryan-11-x cd307984cb msftidy Fixes 2025-04-11 23:05:43 +05:30
aaryan-11-x 6fb4e2ef56 Added exploit module & documentation for CVE-2024-57488 2025-04-11 23:01:33 +05:30
Takah1ro f67dfe6a62 Update check 2025-04-11 21:51:45 +09:00
Takahiro Yokoyama 0c20606c8c Update documentation/modules/exploit/multi/http/langflow_unauth_rce_cve_2025_3248.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-11 20:44:03 +09:00
msutovsky-r7 0b4e133001 Land #20018, pgAdmin Authenticated RCE (CVE-2025-2945) 
pgAdmin Query Tool Authenticated RCE (CVE-2025-2945)
 2025-04-11 10:34:02 +02:00
Takah1ro 718a0bc5c7 Change directory from linux to multi 2025-04-11 14:45:10 +09:00
Takah1ro b613b0a41b Add Langflow unauth RCE module (CVE-2025-3248) 2025-04-11 14:07:54 +09:00
Jack Heysel 4cec129e1c Responded to comments 2025-04-10 10:53:05 -07:00
Jack Heysel ddb29d6181 Removed unnecessary method 2025-04-10 07:18:42 -07:00
Jack Heysel 290a35b0f6 pgAdmin Query Tool Authenticated RCE (CVE-2025-2945) 2025-04-09 17:32:10 -07:00
Brendan 4da78bd550 Merge pull request #19994 from sfewer-r7/CVE-2021-35587 
Adds exploit module for CVE-2021-35587, an unauthenticated deserialization vulnerability affecting Oracle Access Manager (OAM).
 2025-04-08 08:59:18 -05:00
Stephen Fewer 03f5291bcc Improve the documentation, fix typo in console commands, add comment to wait for DB container to complete setup (Thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:41:47 +01:00
Stephen Fewer 16e374750f Improve the documentation, add steps to create /opt/oracle/user_projects (thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:40:21 +01:00
msutovsky-r7 fe9a0ad25b Land #20008, PandoraFMS Auth RCE module 
Pandora FMS authenticated RCE [CVE-2024-12971]
 2025-04-08 07:50:28 +02:00
h00die-gr3y 76fb34a5db small update in description of the module and documentation 2025-04-06 10:49:03 +00:00
h00die-gr3y 8a72fd6861 init module and documentation 2025-04-06 10:33:56 +00:00
Takah1ro 139dd50333 Add Appsmith RCE module (CVE-2024-55964) 2025-04-05 14:56:04 +09:00
jheysel-r7 d16eeab32c Merge pull request #19995 from chutton-r7/cve-2025-24813 
Module for CVE-2025-24813
 2025-04-02 14:20:52 -07:00
Jack Heysel b85faf9440 Update documentation 2025-04-02 14:10:46 -07:00
Jack Heysel 6816589378 Added FileDropper for cleanup 2025-04-02 13:37:39 -07:00
Jack Heysel fefb954827 Correct Tomcat version listed in Scenarios section 2025-04-02 13:02:26 -07:00
Jack Heysel 4058173a1c Correct spelling 2025-04-02 12:57:20 -07:00
sfewer-r7 b44540bc35 update docs to give some more detail on the testing setup 2025-04-02 20:51:39 +01:00
Jack Heysel 1e58d419f6 Updated docs, added Setup steps 2025-04-02 12:03:21 -07:00
sfewer-r7 dc74b37577 add in a scenario for the Unix Command target to the docs 2025-04-02 15:32:18 +01:00
chutton-r7 917aaeb027 Add module docs 2025-04-02 10:22:01 +01:00
sfewer-r7 c5d3512659 update docs 2025-04-01 13:05:28 +01:00
sfewer-r7 acafd884b5 add in the initial exploit for CVE-2021-35587, only tested on 12.2.1.4.0 so far. 2025-04-01 12:56:38 +01:00
jheysel-r7 5505bb5ef1 Merge pull request #19947 from machang-r7/machang-r7-module-cve-2025-27218 
Create sitecore_xp_cve_2025_27218.rb
 2025-03-28 07:40:28 -07:00