 msutovsky-r7
|
c598d8b4b0
|
Land #20020, adds module for Nextcloud Workflow Remote Code Execution
Add exploit module for the nextcloud workflow vulnerability CVE-2023-26482
|
2025-05-15 12:31:51 +02:00 |
|
|
whotwagner
|
97ecaa7c30
|
Refactoring indentations
|
2025-05-15 09:16:26 +00:00 |
|
|
whotwagner
|
61dc956bb3
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-15 11:15:05 +02:00 |
|
|
whotwagner
|
72c9d5b038
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-15 11:14:25 +02:00 |
|
|
whotwagner
|
9b619cbc58
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-15 11:12:05 +02:00 |
|
|
whotwagner
|
0e0b84d252
|
Error message if nextcloud-upload fails
|
2025-05-14 13:53:59 +00:00 |
|
|
msutovsky-r7
|
fe5f56cac0
|
Land #20159, adds module for privilege escalation in Wordpress (CVE-2025-2563)
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
|
2025-05-14 15:33:30 +02:00 |
|
|
msutovsky-r7
|
7d8d0230cb
|
Land #20026, adds module for CVE-2024-57487
New Exploit Module & Documentation for CVE-2024-57487
|
2025-05-14 08:00:20 +02:00 |
|
|
Chocapikk
|
88ffe892e0
|
Remove lower bound
|
2025-05-13 21:48:49 +02:00 |
|
|
Valentin Lobstein
|
7f98f2fad7
|
Update modules/exploits/multi/http/wp_user_registration_membership_escalation.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 21:42:10 +02:00 |
|
|
Chocapikk
|
c415675c39
|
Reduce wordpress_version calls
|
2025-05-13 21:42:10 +02:00 |
|
|
Chocapikk
|
a2ff0c1f92
|
Apply suggestion to store created WordPress admin creds
|
2025-05-13 21:42:09 +02:00 |
|
|
Chocapikk
|
e335841bb0
|
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
|
2025-05-13 21:42:09 +02:00 |
|
|
aaryan-11-x
|
1e523e4e0b
|
MsfTidy Fixes again
|
2025-05-13 23:54:36 +05:30 |
|
|
Brendan
|
cb6495e5bc
|
Merge pull request #20146 from Chocapikk/wp_suretriggers_auth_bypass
Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102)
|
2025-05-13 10:53:44 -05:00 |
|
|
whotwagner
|
09aaf5865c
|
Rearranged code and removed wait_for_payload_session
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
ad9651db5d
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
9b0aee41f4
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
83786100b3
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
2ba8e1c255
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
6aa2170fbc
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
c9521a0eab
|
Removed thread from exploit_nextcloud_workflows
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
4a5d556671
|
Removed linux_dropper from exploit_nextcloud_workflows
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
d0a3eb4332
|
Fixed refacturing-bugs
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
92e30b8391
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
5a75e0bb2d
|
Reformatting res.code for login-failure
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
fde19395ce
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
b1e3b0708e
|
Fixed get_html_document in parse_tokens
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
2245516a21
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
14daed78b2
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
4a08b93542
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
5f42b3439e
|
Update modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
|
2025-05-13 13:48:56 +00:00 |
|
|
whotwagner
|
e6781e60f0
|
Changed ranking to Excellent
|
2025-05-13 13:48:36 +00:00 |
|
|
jenkins-metasploit
|
e819362398
|
automatic module_metadata_base.json update
|
2025-05-13 13:45:30 +00:00 |
|
|
Brendan
|
5faa0a5b6b
|
Merge pull request #19777 from msutovsky-r7/linqpad_deserialization
Linqpad deserialization persistence
|
2025-05-13 08:03:30 -05:00 |
|
|
Chocapikk
|
40002f87f4
|
Apply suggestion to store created WordPress admin creds
|
2025-05-11 17:53:06 +02:00 |
|
|
Valentin Lobstein
|
604672433a
|
Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb
Co-authored-by: bcoles <bcoles@gmail.com>
|
2025-05-11 17:19:12 +02:00 |
|
|
Valentin Lobstein
|
ca6e413bea
|
Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb
Co-authored-by: bcoles <bcoles@gmail.com>
|
2025-05-11 17:18:51 +02:00 |
|
|
Valentin Lobstein
|
04915c8c95
|
Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb
Co-authored-by: bcoles <bcoles@gmail.com>
|
2025-05-11 17:18:37 +02:00 |
|
|
Valentin Lobstein
|
5c8013ad92
|
Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb
Co-authored-by: bcoles <bcoles@gmail.com>
|
2025-05-11 17:18:29 +02:00 |
|
|
Chocapikk
|
21a9fa848c
|
Add credits
|
2025-05-07 23:59:06 +02:00 |
|
|
Chocapikk
|
879027bd5a
|
Update
|
2025-05-07 23:50:20 +02:00 |
|
|
Valentin Lobstein
|
2e9d7db238
|
Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
|
2025-05-07 23:34:58 +02:00 |
|
|
Valentin Lobstein
|
23809f0d08
|
Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
|
2025-05-07 23:34:51 +02:00 |
|
|
Chocapikk
|
4d0c7bb71a
|
Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102)
|
2025-05-07 17:45:30 +02:00 |
|
|
cgranleese-r7
|
49c041f291
|
Land #20137, modules/exploits/unix/dhcp: Resolve RuboCop violations
|
2025-05-07 09:55:41 +01:00 |
|
|
aaryan-11-x
|
30c175675b
|
RuboCop Fixes again
|
2025-05-06 23:53:24 +05:30 |
|
|
aaryan-11-x
|
67942d5159
|
Made changes as requested by moderator
|
2025-05-06 23:35:07 +05:30 |
|
|
bcoles
|
37c52bb4c7
|
modules/exploits/unix/dhcp: Resolve RuboCop violations
|
2025-05-07 00:22:34 +10:00 |
|
|
bcoles
|
e5138fcd01
|
modules/exploits/unix/fileformat: Resolve RuboCop violations
|
2025-05-06 23:30:37 +10:00 |
|