fb7a97077f
Land #14875,CVE-2021-21978 - VMWare View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
...
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
b1c3c49eb5
Land #14757 , nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
...
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
4f2e299d8f
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
2021-03-14 00:00:06 -06:00
c2c5db95d8
Add in documentation and fix some mistakes in the description of the module
2021-03-14 00:00:05 -06:00
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
bdc2041c83
Add Klog Server authenticate.php user Unauthenticated Command Injection
2021-02-12 17:07:52 +00:00
00cbc33ebb
Add module doc
2021-01-22 01:06:14 -06:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
f73a88a39c
Land #14396 , hadoop_unauth_exec clarification
2020-11-16 12:44:13 -06:00
0feff932f2
Change docs to reflect the truth of the "vuln"
2020-11-16 11:38:00 -06:00
fcb507e412
Fix AutoCheck
...
I'm a big dummy.
2020-11-11 15:57:38 -06:00
04bcbd0253
Update module doc
2020-11-11 15:57:29 -06:00
42bdae919b
Add SaltStack Salt REST API RCE (CVE-2020-16846)
...
Leveraging CVE-2020-25592.
2020-11-11 13:09:26 -06:00
da70b74954
fix version numbers
2020-11-08 22:38:53 -05:00
3c4962e9b0
working and clean
2020-11-08 22:31:26 -05:00
2d1b378a18
Land #14122 , Jenkins Deserialization RCE (CVE-2017-1000353)
2020-09-22 12:32:09 +02:00
2ae50e9304
Land #14025 , add Artica Proxy auth bypass / rce
2020-09-21 15:27:53 -05:00
74669f4052
Land #14135 , add tp-link command injection
2020-09-18 09:47:02 -05:00
f4bfad0439
msftidy_docs changes
2020-09-18 09:42:14 -05:00
5f204257a5
Remove unnecessary comma, fix docs
2020-09-18 10:15:23 -04:00
d3f68d0fe4
Fix double shell issue
2020-09-18 09:23:02 -04:00
510d119579
add steps for producing serialized object
2020-09-17 13:58:48 -05:00
f5f010a1b0
Update documentation/modules/exploit/linux/http/jenkins_cli_deserialization.md
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-09-17 09:11:43 -05:00
072f35c270
-Updated module to work using CmdStager
...
-Updated documentation accordingly
-Removed unnecessary includes and simplified code
2020-09-16 19:51:15 -04:00
0f0d6a233b
Land #14074 , add Mida eFramework command injection
2020-09-16 10:24:51 -05:00
b0f329a238
Update documentation/modules/exploit/linux/http/tp_link_ncxxx_bonjour_command_injection.md
...
improved documentation
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-09-15 21:00:06 +02:00
a987065eae
Update documentation/modules/exploit/linux/http/tp_link_ncxxx_bonjour_command_injection.md
...
improved documentation
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-09-15 20:59:31 +02:00
5ba3301d16
Fix nexus_repo_manager_el_injection.md scenario
...
Missed in 966194d2b7
2020-09-15 13:14:36 -05:00
19d8527275
Added module documentation
2020-09-15 12:32:27 -04:00
3a09337935
Remove AUTH_BYPASS target
2020-09-15 01:51:34 +02:00
febe38e1ce
resolve qa comments
2020-09-11 17:16:10 +00:00
d86f9427c9
change version check and add sleep
2020-09-11 11:49:14 -05:00
926398dd6f
add remaining docs info
2020-09-10 18:25:34 -05:00
89d07c472a
add documentation
2020-09-09 18:55:23 -05:00
f5717e2a17
Add software URL
2020-08-31 15:50:37 +00:00
82d8b92e24
add module documentation
2020-08-30 16:57:01 +02:00
9d33ebd54a
Add Mida Solutions eFramework ajaxreq.php Command Injection
2020-08-30 12:46:00 +00:00
27ae6c4edd
Land #13986 , Add CVE-2020-16205 exploit for Geutebruck G-CAM
2020-08-17 09:24:32 -05:00
8f80d9b8b6
Minor updates to the documentation to reflect the fact that the username and password could be something other than root/admin
2020-08-17 09:12:02 -05:00
ea1f3d60f1
Adjust XML whitespace and add commands to the setup docs
2020-08-17 10:03:44 -04:00
eda222434f
Execute commands in a shell
2020-08-14 21:46:34 -05:00
d3febe3284
Set SSL as a DefaultOption and update RPORT
2020-08-14 21:46:34 -05:00
46b6368597
Add Apache OFBiz XML-RPC Java deserialization
2020-08-14 21:46:34 -05:00
5e7c821d6d
Update geutebruck_testaction_exec.md
2020-08-14 23:15:12 +02:00
dc21773f10
Apply updates to make the English a bit neater r.e affected versions. Also applied updates to make the markdown have bullet points so it displays better. Finally modified up the module description to explain the actual issue a bit more, but it might still need work
2020-08-13 15:13:55 -05:00
42a2a77a7e
Update geutebruck_testaction_exec.md
...
or now... (forgot the msftidy_docs just before)
2020-08-13 14:29:29 -05:00
e4f760691e
Update geutebruck_testaction_exec.md
...
it should be better now :)
2020-08-13 14:29:29 -05:00
bwatters