adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,835 Commits 27 Branches 1,043 Tags
d4001ef5587f486cdc7a6019d3fe2f2cd2d94bdd
Commit Graph

4140 Commits

Author SHA1 Message Date
Brendan 98702a6326 Merge pull request #20044 from jheysel-r7/cve_2025_21293 
Updated service_permissions with action to exploit CVE-2025-21293
 2025-04-17 13:24:46 -05:00
Jack Heysel 3ead0fdf42 Add check for is_uac_enabled? 2025-04-16 17:59:53 -07:00
Jack Heysel 9a95f60df6 Updated service_permissions with action to exploit CVE-2025-21293 2025-04-16 10:55:05 -07:00
Takah1ro edcc30699a Make user be able to specify a particular endpoint 2025-04-16 21:47:31 +09:00
Takahiro Yokoyama 8dc4beba7f Update documentation/modules/exploit/linux/http/bentoml_rce_cve_2025_27520.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-16 20:48:34 +09:00
Takah1ro a33a8d91fe Update the document 2025-04-16 12:52:15 +09:00
Takah1ro e51cd24383 Add BentoML RCE module (CVE-2025-27520) 2025-04-15 22:46:42 +09:00
msutovsky-r7 140b93e802 Land #20022, Langflow RCE module 
Add Langflow unauth RCE module (CVE-2025-3248)
 2025-04-14 08:24:44 +02:00
Takah1ro c7fdcc8e91 Update the document 2025-04-12 10:21:13 +09:00
Takah1ro f67dfe6a62 Update check 2025-04-11 21:51:45 +09:00
Takahiro Yokoyama 0c20606c8c Update documentation/modules/exploit/multi/http/langflow_unauth_rce_cve_2025_3248.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-11 20:44:03 +09:00
msutovsky-r7 0b4e133001 Land #20018, pgAdmin Authenticated RCE (CVE-2025-2945) 
pgAdmin Query Tool Authenticated RCE (CVE-2025-2945)
 2025-04-11 10:34:02 +02:00
Takah1ro 718a0bc5c7 Change directory from linux to multi 2025-04-11 14:45:10 +09:00
Takah1ro b613b0a41b Add Langflow unauth RCE module (CVE-2025-3248) 2025-04-11 14:07:54 +09:00
Jack Heysel 4cec129e1c Responded to comments 2025-04-10 10:53:05 -07:00
Jack Heysel ddb29d6181 Removed unnecessary method 2025-04-10 07:18:42 -07:00
Jack Heysel 290a35b0f6 pgAdmin Query Tool Authenticated RCE (CVE-2025-2945) 2025-04-09 17:32:10 -07:00
Brendan 4da78bd550 Merge pull request #19994 from sfewer-r7/CVE-2021-35587 
Adds exploit module for CVE-2021-35587, an unauthenticated deserialization vulnerability affecting Oracle Access Manager (OAM).
 2025-04-08 08:59:18 -05:00
Stephen Fewer 03f5291bcc Improve the documentation, fix typo in console commands, add comment to wait for DB container to complete setup (Thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:41:47 +01:00
Stephen Fewer 16e374750f Improve the documentation, add steps to create /opt/oracle/user_projects (thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:40:21 +01:00
msutovsky-r7 fe9a0ad25b Land #20008, PandoraFMS Auth RCE module 
Pandora FMS authenticated RCE [CVE-2024-12971]
 2025-04-08 07:50:28 +02:00
h00die-gr3y 76fb34a5db small update in description of the module and documentation 2025-04-06 10:49:03 +00:00
h00die-gr3y 8a72fd6861 init module and documentation 2025-04-06 10:33:56 +00:00
Takah1ro 139dd50333 Add Appsmith RCE module (CVE-2024-55964) 2025-04-05 14:56:04 +09:00
jheysel-r7 d16eeab32c Merge pull request #19995 from chutton-r7/cve-2025-24813 
Module for CVE-2025-24813
 2025-04-02 14:20:52 -07:00
Jack Heysel b85faf9440 Update documentation 2025-04-02 14:10:46 -07:00
Jack Heysel 6816589378 Added FileDropper for cleanup 2025-04-02 13:37:39 -07:00
Jack Heysel fefb954827 Correct Tomcat version listed in Scenarios section 2025-04-02 13:02:26 -07:00
Jack Heysel 4058173a1c Correct spelling 2025-04-02 12:57:20 -07:00
sfewer-r7 b44540bc35 update docs to give some more detail on the testing setup 2025-04-02 20:51:39 +01:00
Jack Heysel 1e58d419f6 Updated docs, added Setup steps 2025-04-02 12:03:21 -07:00
sfewer-r7 dc74b37577 add in a scenario for the Unix Command target to the docs 2025-04-02 15:32:18 +01:00
chutton-r7 917aaeb027 Add module docs 2025-04-02 10:22:01 +01:00
sfewer-r7 c5d3512659 update docs 2025-04-01 13:05:28 +01:00
sfewer-r7 acafd884b5 add in the initial exploit for CVE-2021-35587, only tested on 12.2.1.4.0 so far. 2025-04-01 12:56:38 +01:00
jheysel-r7 5505bb5ef1 Merge pull request #19947 from machang-r7/machang-r7-module-cve-2025-27218 
Create sitecore_xp_cve_2025_27218.rb
 2025-03-28 07:40:28 -07:00
Diego Ledda 985cea3278 Land #19980, Add CMSMadeSimple (CMSMS) File Manager Auth RCE (CVE-2023-36969) 
Land #19980, Add CMSMadeSimple (CMSMS) File Manager Auth RCE (CVE-2023-36969)
 2025-03-28 12:24:30 +01:00
jheysel-r7 08e227faca Merge pull request #19934 from sfewer-r7/bugfix-cisco-iosxe-rce 
Improve exploit/linux/misc/cisco_ios_xe_rce (CVE-2023-20198 + CVE-2023-20273)
 2025-03-27 16:51:16 -07:00
Jack Heysel fa0c29837e Update author, rubocop, msftidy_docs 2025-03-27 09:36:10 -07:00
Jack Heysel 74cc1d313c Add documentation 2025-03-27 09:28:44 -07:00
tastyrce 8479350b3e Update documentation 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2025-03-28 03:17:47 +11:00
tastyrce 8423d6ff87 Update removal of default page while installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:11:21 +11:00
tastyrce 9bdff3e803 Add extra dependencies during installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:10:32 +11:00
Spencer McIntyre bf1f919d9f Merge pull request #19957 from msutovsky-r7/auxmodule-eramba-update 
Auxmodule eramba update
 2025-03-25 13:54:24 -04:00
tastyrce 162e73a62e add module documentation 2025-03-22 04:57:38 -04:00
Martin Sutovsky d922976ea4 Adding more clear installation steps 2025-03-20 19:54:57 +01:00
Martin Sutovsky df027f3fdd Update documentation, adding more precise check, removing unnecessary characters 2025-03-20 15:18:55 +01:00
bwatters-r7 ec67435de9 Rebase and squash for CVE-2024-30085 2025-03-20 09:03:28 -05:00
Martin Sutovsky 9886f78575 Upgrade Eramba RCE module 2025-03-13 12:34:50 +01:00
h00die-gr3y e341398871 small update on module and documentation 2025-03-10 19:35:37 +00:00