9caa2be9a2
Land #20399 , adds module for Pandora ITSM authenticated RCE (CVE-2025-4653)
...
Pandora ITSM auth RCE [CVE-2025-4653]
2025-08-07 08:37:45 +02:00
b6dc0860e7
Merge pull request #20409 from sfewer-r7/sharepoint-hax
...
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
2025-08-06 14:24:28 -05:00
0a923a611d
reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704.
2025-08-06 15:33:57 +01:00
c99702c8bf
Land #20446 , adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611)
...
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
2025-08-05 09:29:36 +02:00
6ff04da954
Add LPE suggestions in documentation
2025-08-04 18:33:28 +02:00
7d744c2a45
Update documentation
2025-08-04 17:51:42 +02:00
c8f756dd37
Update documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:02:12 +02:00
5fd6184494
Land #20423 , adds malicious XDG Desktop fileformat module
...
Add Malicious XDG Desktop File module
2025-08-04 11:44:02 +02:00
a7ab23d083
Add Malicious XDG Desktop File module
2025-08-04 19:23:02 +10:00
50ef5edd90
Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611)
2025-08-02 19:46:14 +02:00
4b52708357
update module + documentation based on review comments
2025-07-30 11:39:20 +00:00
f4622d802e
Land #20406 , adds malicious Windows Script Host VBScript fileformat module
...
Add Malicious Windows Script Host VBScript (.vbs) File module
2025-07-28 13:58:07 +02:00
12340ef6b5
Land #20398 , adds malicious Windows Script Host JScript fileformat module
...
Add Malicious Windows Script Host JScript (.js) File module
2025-07-28 13:51:26 +02:00
3237151512
add in the documentation
2025-07-25 14:40:12 +01:00
cbc03eaeeb
Add Malicious Windows Script Host VBScript (.vbs) File module
2025-07-25 18:46:47 +10:00
44c61a7e4d
Add Malicious Windows Script Host JScript (.js) File module
2025-07-25 18:43:33 +10:00
afeded56aa
Land #20384 , adds module for malicious Windows Registration Entries files
...
Add Malicious Windows Registration Entries (.reg) File module
2025-07-24 12:29:34 +02:00
05f2012ccc
Merge pull request #20338 from Chocapikk/xorcom
...
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
2025-07-22 08:19:36 -07:00
58704e9eab
init module + documentation
2025-07-20 19:06:01 +00:00
8fe815da6f
Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt
...
Updates docs to reflect new default prompt
2025-07-17 12:53:02 +01:00
adff497bd2
Updates msf5 as well
2025-07-17 11:51:29 +01:00
18d61d3763
Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce
...
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
2025-07-17 11:58:54 +02:00
ca9535e39a
Update pandora_fms_auth_netflow_rce.md
2025-07-17 11:29:07 +02:00
469f102596
Updates docs to reflect new default prompt
2025-07-17 09:53:40 +01:00
b06903810c
feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs
2025-07-16 21:25:17 +02:00
f773e3aef9
Updates docs
2025-07-16 12:25:28 +02:00
c5ec45452a
Add Malicious Windows Registration Entries (.reg) File module
2025-07-13 23:41:59 +10:00
ffdfa07954
Land #20354 , adds module for ISPConfig code injection (CVE-2023-46818)
...
Add module for ISPConfig Code Injection (CVE-2023-46818)
2025-07-09 07:47:56 +02:00
ffa2152a6a
Updates docs
2025-07-07 11:56:53 +02:00
b9ee9ba88c
Update wingftp_null_byte_rce.md
2025-07-03 19:43:06 +02:00
ef3ddec3dd
Update documentation/modules/exploit/multi/http/wingftp_null_byte_rce.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2025-07-03 19:41:34 +02:00
5b268bd4b4
Fix documentation and typos
2025-07-01 22:50:01 +02:00
1a4a15e83b
Add WingFTP unauthenticated RCE (CVE-2025-47812)
2025-07-01 19:15:15 +02:00
5c8d918e3d
Fixes documentation
2025-06-28 17:07:44 +02:00
840ae0f317
resolved: issues
2025-06-27 19:42:35 +05:30
a7b038b822
Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce
...
Adds module for Skyvern SSTI (CVE-2025-49619)
2025-06-27 14:14:40 +02:00
37e8780a6b
Code refactor, docs
2025-06-27 10:26:31 +02:00
7b845fa3df
Fixed documentation issues
2025-06-26 12:08:51 +02:00
240bc828f1
Removing header
2025-06-26 12:08:51 +02:00
d787444137
Add exploit module for ISPConfig language_edit.php PHP Code Injection (CVE-2023-46818)
...
- Adds modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
- Adds documentation for the module in documentation/modules/exploit/linux/http/ispconfig_lang_edit_php_code_injection.md
- Module targets ISPConfig < 3.2.11p1 with admin_allow_langedit enabled
- References and implementation based on PoC and advisories at https://github.com/SyFi/CVE-2023-46818
2025-06-25 22:27:52 +05:30
fdc78b40bb
Add more clear installation steps
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2025-06-25 15:17:58 +02:00
fde78bf73f
Land #20324 , adds exploit for UNC path in .url files (CVE-2025-33053)
...
Adds exploit module for Internet Shortcut UNC path vulnerability (CVE-2025-33053)
2025-06-25 11:23:23 +02:00
6d843385ec
Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094
...
Adds module for Tatsu WP plugin (CVE-2021-25094)
2025-06-25 10:58:22 +02:00
afdad8ed4c
chore(wp_tatsu_rce): msftidy_docs fix
2025-06-25 10:16:49 +02:00
13cd2d2e51
Minor code changes, updates documentation
2025-06-24 16:22:42 +02:00
a67c883e0c
Removes unnecessary header
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2025-06-24 15:48:38 +02:00
be8864fe84
Merge pull request #20339 from bcoles/exploit-windows-fileformat-ms_visual_basic_vbp
...
exploit/windows/fileformat/ms_visual_basic_vbp: Add offsets, cleanup, document
2025-06-23 10:41:14 +01:00
ca142599e8
Module init
2025-06-23 10:27:27 +02:00
e1dec29ef9
exploit/windows/browser/ms08_070_visual_studio_msmask: Cleanup and add documentation
2025-06-23 00:38:44 +10:00
c0baf1888b
exploit/windows/fileformat/ms_visual_basic_vbp: Add offsets, cleanup, document
2025-06-23 00:11:54 +10:00
msutovsky-r7