Christophe De La Fuente
3dcb9d58ab
Code review
2024-12-02 14:02:07 +01:00
Christophe De La Fuente
c943cc6378
Add module and documentation
2024-12-02 14:02:07 +01:00
Valentin Lobstein
5cdf7ae175
Update documentation/modules/exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-11-30 13:55:02 +01:00
jheysel-r7
c4b7954f15
Land #19596, Wordpress Plugin Post SMTP Account Takeover
2024-11-29 09:05:03 -08:00
h00die
d13bccca05
peer review
2024-11-28 20:24:25 -05:00
h00die
1906646e67
peer review
2024-11-28 13:18:47 -05:00
h00die-gr3y
a945a54fc3
Merge remote-tracking branch 'origin/master' into acronis-rce
2024-11-27 21:50:53 +00:00
h00die
e41f5ad577
needrestart exploit updates
2024-11-27 15:41:23 -05:00
jheysel-r7
7de3d117b8
Land #19582 Acronis Cyber Backup/Protect Info Disclosure
2024-11-27 07:50:16 -08:00
h00die
d778f5469b
needrestart improvements
2024-11-26 18:22:48 -05:00
h00die
d4bd00d48e
needrestart improvements
2024-11-25 16:38:18 -05:00
h00die
492ccca1aa
review
2024-11-23 12:43:35 -05:00
Heyder Andrade
dc445ed1ac
Apply suggestions from code review
2024-11-23 00:57:08 +01:00
h00die
7fd82b89df
offload files to data
2024-11-22 15:57:18 -05:00
h00die
94e5e49052
ubuntu needrestart lpe
2024-11-22 15:44:45 -05:00
Spencer McIntyre
502e415344
Merge pull request #19630 from remmons-r7/cups_ipp_rce
...
Exploit module for IPP attributes remote code execution - OpenPrinting CUPS
2024-11-22 09:22:21 -05:00
sfewer-r7
000ffb2406
make the check routine return a message for Detected.
2024-11-22 12:37:50 +00:00
Ashley Donaldson
cd780e4339
Added documentation
2024-11-22 13:12:38 +11:00
Chocapikk
9c74467950
Refactor code + add check and autocheck
2024-11-21 22:48:36 +01:00
jheysel-r7
d95d549992
Land #19531 ProjectSend r1335 - r1605 RCE module
2024-11-21 09:53:36 -08:00
sfewer-r7
41bcf4629f
The payload was essentially being encoded twice (thanks for calling this out Brendan), we now supply a suitable BadChars and let the framework encode the framework payload. We rename the variable payload to bootstrap_payload as this was colliding with the framework's payload variable which was not the intent.
2024-11-21 17:37:34 +00:00
ostrichgolf
68eb6599fd
Create projectsend_unauth_rce
2024-11-21 09:34:58 -08:00
sfewer-r7
d2f6e0e10f
As the payload option FETCH_WRITABLE_DIR may not be available if a non fetch based payload is used, we add a new option WRITABLE_DIR to account for this. Update the documentation to reflect the change.
2024-11-21 16:38:09 +00:00
sfewer-r7
f9b099a46d
remove the DefaultOption PAYLOAD value, and let the framework pick one for us. Mention I tested the exploit with cmd/linux/http/x64/meterpreter_reverse_tcp
2024-11-21 16:22:02 +00:00
adfoster-r7
d9d7f1a898
Merge pull request #19654 from h00die/strapi
...
strapi 3.0.0 beta 17.4 password reset (CVE-2019-18818)
2024-11-21 12:35:30 +00:00
h00die
0f6da56a52
vcenter sudo module
2024-11-21 04:34:15 -05:00
jheysel-r7
afbbba09e8
Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189
2024-11-20 14:35:38 -08:00
Takah1ro
da6f8cd552
Add Judge0 module and document
2024-11-20 14:15:38 -08:00
jheysel-r7
05cbd1d9a3
Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM)
...
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
2024-11-20 11:18:58 -08:00
Spencer McIntyre
e52edf447c
Implement feedback from the PR
2024-11-20 13:51:39 -05:00
Ashley Donaldson
afc735f4a4
Add documentation
2024-11-20 15:36:36 +11:00
sfewer-r7
2469d4ea23
add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474
2024-11-19 16:15:06 +00:00
Spencer McIntyre
f7e210d3e9
Merge pull request #19624 from cdelafuente-r7/fix/mod/ms_icpr
...
Fix a crash when generating CSRs with OpenSSL 3.4.0
2024-11-19 10:58:52 -05:00
h00die
6bd049e346
operator working
2024-11-18 20:09:13 -05:00
gardnerapp
19770cf870
Remove unneeded file and rubocop corrections
...
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
Give bwatters7 credit, add docs
Experiment with randomized bash copy and Rex::File.join
remove unused line
Add missing parenthesis
fix problem with bash copy
Remove rex::join, call proper method for generating payload
add exploit::exe mixin, bash copy randomization
Rubocop changes
Remove nc
2024-11-18 17:01:08 -06:00
Spencer McIntyre
dd7e1786e1
Merge pull request #19643 from smashery/dcsync_individual
...
DCsync individual accounts and groups
2024-11-18 09:25:21 -05:00
h00die
f38661d6c3
pod user working
2024-11-18 07:30:21 -05:00
h00die
219981227d
Update documentation/modules/auxiliary/scanner/http/strapi_3_password_reset.md
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2024-11-16 15:36:00 -05:00
h00die
6629d5dff2
strapi password reset
2024-11-15 15:12:34 -05:00
sfewer-r7
c58dbbfb61
add in documentation
2024-11-15 17:42:57 +00:00
Spencer McIntyre
5d9add4450
Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205
...
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-15 09:24:37 -05:00
h00die
6962d828ac
primefaces exploit v2
2024-11-14 14:14:02 -05:00
h00die
7a8e72f9b8
primefaces exploit v1
2024-11-14 14:12:13 -05:00
Heyder Andrade
09d84eaabb
Added module for WSO2 API Manager Documentation File Upload Remote Code Execution
...
Closes #19646
on-behalf-of: @redwaysecurity <info@redwaysecurity.com>
2024-11-14 18:34:11 +01:00
Ashley Donaldson
3e3e81ff22
Update documentation with new datastore options
2024-11-14 15:15:06 +11:00
h4x-x0r
37c148cc7c
CVE-2024-47407
...
CVE-2024-47407
2024-11-13 03:55:17 +00:00
Jack Heysel
d2ef3cb6a9
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-12 16:05:07 -08:00
Brendan
19e182ce65
Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
...
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
2024-11-12 16:42:06 -06:00
Christophe De La Fuente
24e19e4ebb
Update the ESC8 relay module to use the new helper
...
It also fixes some unrelated minor issues found in the module and the documentation
2024-11-12 18:23:31 +01:00
h4x-x0r
a09ca39dee
Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-12 09:03:51 -06:00