 William Vu
|
fed2ed444f
|
Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
|
2016-09-03 12:43:01 -05:00 |
|
|
Pearce Barry
|
226ded8d7e
|
Land #6921, Support basic and form auth at the same time
|
2016-08-25 16:31:26 -05:00 |
|
|
wchen-r7
|
c64e1b8fe6
|
Land #7181, NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance
|
2016-08-08 16:04:33 -05:00 |
|
|
wchen-r7
|
cb04ff48bc
|
Land #7180, Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE
|
2016-08-08 15:55:39 -05:00 |
|
|
Pedro Ribeiro
|
3b64b891a6
|
Update nuuo_nvrmini_unauth_rce.rb
|
2016-08-05 21:53:25 +01:00 |
|
|
Pedro Ribeiro
|
746ba4d76c
|
Add bugtraq reference
|
2016-08-05 21:53:08 +01:00 |
|
|
Pedro Ribeiro
|
2aca610095
|
Add github link
|
2016-08-04 17:38:31 +01:00 |
|
|
Pedro Ribeiro
|
7d8dc9bc82
|
Update nuuo_nvrmini_unauth_rce.rb
|
2016-08-04 17:38:14 +01:00 |
|
|
Pedro Ribeiro
|
b48518099c
|
add exploit for CVE 2016-5674
|
2016-08-04 16:55:21 +01:00 |
|
|
Pedro Ribeiro
|
0deac80d61
|
add exploit for CVE 2016-5675
|
2016-08-04 16:54:38 +01:00 |
|
|
wchen-r7
|
1e1866f583
|
Fix #7158, tiki_calendar_exec incorrectly reports successful login
Fix #7158
|
2016-07-28 17:03:31 -05:00 |
|
|
Brendan
|
4720d77c3a
|
Land #6965, centreon useralias exec
|
2016-07-26 15:02:36 -07:00 |
|
|
Brent Cook
|
b08d1ad8d8
|
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
|
2016-07-15 12:00:31 -05:00 |
|
|
Brent Cook
|
2b016e0216
|
Land #6812, remove broken OSVDB references
|
2016-07-11 22:59:11 -05:00 |
|
|
William Webb
|
52c6daa0f2
|
Land #7048, Riverbed SteelCentral NetProfiler and NetExpress Remote
Command Injection
|
2016-07-10 18:54:12 -05:00 |
|
|
Francesco
|
b75084249a
|
Removed duplicate 'Privileged' key
|
2016-07-10 01:37:03 -04:00 |
|
|
Francesco
|
4ed12d7077
|
Added: support for credentials saving using report_cred method as suggested
Added: support for detection of valid user credentials to skip login SQLi if not necessary.
|
2016-07-02 01:41:13 -04:00 |
|
|
William Vu
|
9663f88fdc
|
Download profile.zip instead of including it
profile.zip is GPL-licensed...
|
2016-07-01 01:17:23 -05:00 |
|
|
Francesco
|
068a4007de
|
Riverbed SteelCentral NetProfiler & NetExpress Exploit Module
Changes to be committed:
new file: modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
|
2016-06-29 22:27:40 -04:00 |
|
|
William Vu
|
68bd4e2375
|
Fire and forget the shell
Edge case where reverse_perl returns 302 when app is unconfigured.
|
2016-06-29 14:51:05 -05:00 |
|
|
William Vu
|
5f08591fef
|
Add Nagios XI exploit
|
2016-06-27 15:17:18 -05:00 |
|
|
wchen-r7
|
de5152401a
|
Land #6992, Add tiki calendar exec exploit
|
2016-06-22 11:18:14 -05:00 |
|
|
wchen-r7
|
8697d3d6fb
|
Update tiki_calendar_exec module and documentation
|
2016-06-22 11:17:45 -05:00 |
|
|
h00die
|
9cb57d78d7
|
updated check and docs that 14.2 may not be vuln
|
2016-06-21 16:48:09 -04:00 |
|
|
h00die
|
15a3d739c0
|
fix per wchen
|
2016-06-20 17:57:10 -04:00 |
|
|
h00die
|
6fe7698b13
|
follow redirect automatically
|
2016-06-19 20:24:54 -04:00 |
|
|
h00die
|
3f25c27e34
|
2 void-in fixes of 3
|
2016-06-19 14:35:27 -04:00 |
|
|
h00die
|
ddfd015310
|
functionalized calendar call, updated docs
|
2016-06-19 08:53:22 -04:00 |
|
|
h00die
|
3feff7533b
|
tiki calendar
|
2016-06-18 13:11:11 -04:00 |
|
|
h00die
|
ebde552982
|
gem version
|
2016-06-16 21:09:56 -04:00 |
|
|
Brendan Watters
|
9ea0b8f944
|
Land #6934, Adds exploit for op5 configuration command execution
|
2016-06-16 14:36:10 -05:00 |
|
|
William Vu
|
ea988eaa72
|
Add setsid to persist the shell
Prevents the watchdog from killing our session.
|
2016-06-16 11:31:35 -05:00 |
|
|
h00die
|
cfb034fa95
|
fixes all previously identified issues
|
2016-06-15 20:58:04 -04:00 |
|
|
h00die
|
81fa068ef0
|
pulling out the get params
|
2016-06-15 12:27:31 -04:00 |
|
|
h00die
|
52db99bfae
|
vars_post for post request
|
2016-06-15 07:24:41 -04:00 |
|
|
h00die
|
625d60b52a
|
fix the other normalize_uri
|
2016-06-14 15:03:07 -04:00 |
|
|
h00die
|
afc942c680
|
fix travis
|
2016-06-13 19:07:14 -04:00 |
|
|
h00die
|
bd4dacdbc3
|
added Rank
|
2016-06-13 19:04:06 -04:00 |
|
|
h00die
|
72ed478b59
|
added exploit rank
|
2016-06-13 18:56:33 -04:00 |
|
|
h00die
|
40f7fd46f9
|
changes outlined by wvu-r7
|
2016-06-13 18:52:25 -04:00 |
|
|
h00die
|
f63273b172
|
email change
|
2016-06-11 21:05:34 -04:00 |
|
|
h00die
|
bd6eecf7b0
|
centreon useralias first add
|
2016-06-11 20:57:18 -04:00 |
|
|
William Vu
|
ec1248d7af
|
Convert to CmdStager
|
2016-06-10 20:42:01 -05:00 |
|
|
William Vu
|
46239d5b0d
|
Add Apache Continuum exploit
|
2016-06-09 22:35:38 -05:00 |
|
|
h00die
|
d63dc5845e
|
wvu-r7 comment fixes
|
2016-06-09 21:52:21 -04:00 |
|
|
h00die
|
6f5edb08fe
|
pull uri from datastore consistently
|
2016-06-08 20:28:36 -04:00 |
|
|
Brendan Watters
|
c4aa99fdac
|
Land #6925, ipfire proxy exec
|
2016-06-07 10:24:59 -05:00 |
|
|
Brendan Watters
|
7e84c808b2
|
Merge remote-tracking branch 'upstream/pr/6924' into dev
|
2016-06-07 09:24:25 -05:00 |
|
|
h00die
|
c2699ef194
|
rubocop fixes
|
2016-06-03 17:43:11 -04:00 |
|
|
h00die
|
2f837d5d60
|
fixed EDB spelling
|
2016-06-03 17:17:36 -04:00 |
|