94e5e49052
ubuntu needrestart lpe
2024-11-22 15:44:45 -05:00
502e415344
Merge pull request #19630 from remmons-r7/cups_ipp_rce
...
Exploit module for IPP attributes remote code execution - OpenPrinting CUPS
2024-11-22 09:22:21 -05:00
d95d549992
Land #19531 ProjectSend r1335 - r1605 RCE module
2024-11-21 09:53:36 -08:00
68eb6599fd
Create projectsend_unauth_rce
2024-11-21 09:34:58 -08:00
afbbba09e8
Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189
2024-11-20 14:35:38 -08:00
da6f8cd552
Add Judge0 module and document
2024-11-20 14:15:38 -08:00
05cbd1d9a3
Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM)
...
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
2024-11-20 11:18:58 -08:00
e52edf447c
Implement feedback from the PR
2024-11-20 13:51:39 -05:00
5d9add4450
Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205
...
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-15 09:24:37 -05:00
d2ef3cb6a9
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-12 16:05:07 -08:00
19e182ce65
Land #19557 , Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
...
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
2024-11-12 16:42:06 -06:00
a09ca39dee
Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-11-12 09:03:51 -06:00
61486cd877
Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-11-12 09:03:35 -06:00
b712f9a745
Create cups_ipp_remote_code_execution.md
2024-11-11 15:53:14 -06:00
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
094250f7e7
Land #19489 Add WordPress wp-automatic SQLi to RCE module
2024-10-30 09:05:03 -04:00
9f41937c7a
Finish up the exploit module
2024-10-28 17:20:35 -04:00
661075a45c
handling additional case
...
handling additional case when autocheck is disabled and no credentials are provided
2024-10-22 03:42:39 +01:00
59d026acd3
Land #19544 , Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961)
2024-10-18 14:39:54 +02:00
7b400f18fe
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
9a245e6e06
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
...
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
34538df83c
PoC and Documentation
...
PoC and Documentation
2024-10-14 05:09:29 +01:00
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
a4ef40a233
Updated docs with Options section
2024-10-09 13:08:20 -07:00
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
3211edd83c
docs: review changes
2024-10-09 12:18:35 -04:00
2762132830
docs: adding motd_persistence docs
2024-10-08 11:22:13 -04:00
48e740d1fc
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2024-10-03 16:34:24 +02:00
1cdaeac843
Land #19463 Add Acronis Cyber Default Password RCE
...
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
58878db970
update doc
2024-10-02 19:56:22 +02:00
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
8761226b97
Land #19456 VICIdial Auth RCE module
...
This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial
2024-09-30 17:13:33 -04:00
10a4b24ed7
Better file clean
2024-09-27 01:17:07 +02:00
c43a4f4b0b
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
dbc020a745
Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
...
Land #19441 , Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
8e2dbbbd56
Land #19416 , Add Traccar RCE module
...
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
2024-09-23 15:25:02 -07:00
5408d0b5ac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:26 +02:00
b18cb3ecac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:19 +02:00
9e6adea0dc
Add BYOB Unauthenticated RCE module exploiting arbitrary file write and command injection (CVE-2024-45256, CVE-2024-45257)
2024-09-21 04:00:56 +02:00
589b0f8331
updated documentation
2024-09-20 10:29:17 +00:00
8e62f22315
fifth release with the option to use your own SSH private key
2024-09-20 09:50:13 +00:00
8b197a60f9
fourth release addressing review comments of jheysel-r7
2024-09-19 20:54:55 +00:00
ae8df6c34b
Add working documentation + working exploit
2024-09-18 17:00:18 +02:00
9971aed96f
third release addressing majority of the review comments
2024-09-17 19:23:38 +00:00
d7fa23f30f
Apply suggestions from code review
...
Co-authored-by: bcoles <bcoles@gmail.com >
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-17 19:00:48 +02:00
0bf524482c
Land #19345 , Post module Windows LPE CVE-2024-30088
2024-09-17 08:13:21 -04:00
6e696e24e5
Land #19457 , WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
86c8879270
Added documentation
2024-09-16 19:54:59 +00:00
h00die