786d59d360
Use AutoCheck mixin and prefer cc over gcc
2020-08-24 11:47:50 +00:00
6e2a7001a9
Land #13994 , add Dlink Wifi manager rce
2020-08-18 09:34:19 -05:00
d79ad5efca
minor rubocop fix
2020-08-18 09:33:32 -05:00
0a20a217dc
Fix description of the vulnerability
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-08-17 21:06:46 +02:00
602865ef70
refactor if in check method
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-08-17 21:01:34 +02:00
de5f335618
Fix formatting
2020-08-17 11:53:39 -05:00
0c34c2559e
Remove no-op Nokogiri::XML pretty printing
...
ea1f3d60f1
2020-08-17 11:16:11 -05:00
27ae6c4edd
Land #13986 , Add CVE-2020-16205 exploit for Geutebruck G-CAM
2020-08-17 09:24:32 -05:00
ea1f3d60f1
Adjust XML whitespace and add commands to the setup docs
2020-08-17 10:03:44 -04:00
eda222434f
Execute commands in a shell
2020-08-14 21:46:34 -05:00
22cf22fe53
Fix ARCH_CMD payload
...
Currently, we're not invoking within a shell.
2020-08-14 21:46:34 -05:00
f151c511bc
Explain what we're doing in the check
2020-08-14 21:46:34 -05:00
d3febe3284
Set SSL as a DefaultOption and update RPORT
2020-08-14 21:46:34 -05:00
46b6368597
Add Apache OFBiz XML-RPC Java deserialization
2020-08-14 21:46:34 -05:00
4a8b64a12f
Use WritableDir in execute_cmdstager, too
2020-08-14 21:07:08 -05:00
93fa66bfc5
Update geutebruck_testaction_exec.rb
...
And a fix for the fix ;)
I guess now everything will work as intended !
2020-08-15 00:56:53 +02:00
1da359ee01
Merge with last fix. This fix just fixes a issue with a method call as I tried calling the nonexistant method .true?
2020-08-14 17:49:02 -05:00
896c8aacae
Add in AutoCheck mixin so that we ensure targets are vulnerable before attempting to exploit them.
2020-08-14 17:27:39 -05:00
898f94320c
Add in fixes to check method so that the code will return the correct status if the connection fails
2020-08-14 17:18:31 -05:00
f3fdcf4343
Update geutebruck_testaction_exec.rb
...
Oops sorry, don't know what this "return true" was doing there.
2020-08-14 23:56:21 +02:00
f726967ba7
Update geutebruck_testaction_exec.rb
...
with the updated check using `Gem::Version`
2020-08-14 23:17:26 +02:00
cd41d9c3c9
Land #13911 , iphone 4 on ios 7.1.2 safari jit for root
2020-08-14 16:01:14 -04:00
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
f401f48138
Update vbulletin module with correct CVE
...
Apparently someone snarfed the CVE for this out from under me. Since they were faster
to publish, we should use that number instead of the one out of our block.
2020-08-14 08:25:57 -05:00
0dc53c46d4
Apply Rubocop fixes I forgot about and update the module description to add in missing information about affected parameters
2020-08-13 15:23:09 -05:00
c59b3835f9
Fix up module description to have better sentence structure and English and to also include the actual versions of the products that were affected in addition to the firmware versions. This prevents people from having to read the documentation to find affected targets
2020-08-13 15:18:10 -05:00
3c70f37dbe
Update exploit ranking to reflect the fact that this is a CMD Injection vulnerability with no chance of crashing the host
2020-08-13 14:40:33 -05:00
959689d5de
Update geutebruck_testaction_exec.rb
...
Fixed rubocop offenses / msftidy warnings and added @bcoles enhancements.
2020-08-13 14:29:31 -05:00
5f6a0746a6
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a69d941a72
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
4ceb542fac
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a5e25f5a42
Add exploit for Geutebruck G-CAM
2020-08-13 14:29:28 -05:00
1a468fa210
remove unneeded include, left from an attempt to execute native payloads
2020-08-13 15:51:09 +02:00
66d3b1cd59
Add exploit for CVE-2019-13372
2020-08-13 15:07:11 +02:00
24b1235cf7
Whitespace adjustment and remove superfluous return statements
2020-08-12 13:59:25 -04:00
0b1efd0fe9
Update modules/exploits/multi/http/vbulletin_widget_template_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2020-08-12 09:33:16 -07:00
e334217636
Fix from bad merge for vbulletin_widget_template_rce module.
2020-08-11 19:09:14 -05:00
8db34ea91b
vBulletin_widget_template_rce merge
2020-08-11 18:40:09 -05:00
3ef01c468f
Ran vBulletin_widget_template_rce through rubocop, cleaned up results.
2020-08-11 18:38:41 -05:00
19618d9bd2
Add CVE-2020-7373 in the references
2020-08-11 14:22:11 -05:00
0dab52ef35
A few last changes from msftidy and msftidy_docs.
2020-08-09 18:25:13 -05:00
661e2a680b
Initial push of exploit and module for vbulletin_widget_template_rce vulnerability.
2020-08-09 17:38:52 -05:00
d2b1d97b62
Land #13940 , Compliance and Typo Edits for baldr_upload_exec
2020-08-06 11:25:31 -05:00
2ca508c08e
Further edits for RuboCop and msftidy_docs.rb compliance
2020-08-06 11:18:39 -05:00
5c6530d9e5
Update module description and documentation to have a better description of what is going on and to also fix further copies of the typos that were pointed out.
2020-08-06 10:50:47 -05:00
35017886b8
Land #13935 , Preliminary Version 6
2020-08-06 10:19:34 -05:00
ba7f1ea486
Land #13897 , Fix dangling reference issue in cve_2020_0688_service_tracing.rb
...
and filesystem.rb
Merge branch 'land-13897' into upstream-master
2020-08-05 17:04:15 -05:00
41e22992ff
typo and touch-ups to desc
...
typo and touch-ups to desc
2020-08-04 16:59:57 -06:00
fade2c76b5
Land #13904 , Added Module: priviledged docker container escape
...
Merge branch 'land-13904' into upstream-master
2020-08-04 14:39:17 -05:00
6ed05df308
Land #13517 , Documalis Free PDF Editor and Free PDF Scanner JPEG PDF Stack Buffer Overflow
2020-08-03 14:11:50 -05:00
Brendan Coles