adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,798 Commits 27 Branches 1,043 Tags
e30d8db082c82980eaf58a43b3ab70070e6c14ff
Commit Graph

2277 Commits

Author SHA1 Message Date
Brendan Coles e30d8db082 nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
 2021-03-16 07:13:55 +00:00
Grant Willcox 6d939c16ce Land #14783, Update KarjaSoft Sami FTP Server v2.0.2 USER Overflow module 2021-02-26 11:17:05 -06:00
Brendan Coles 743248d993 Update KarjaSoft Sami FTP Server v2.0.2 USER Overflow module 2021-02-25 20:53:30 +00:00
Spencer McIntyre 1d5a6e4a0b Land #14771, Add Apache Flink JAR Upload Java Code Execution 2021-02-23 09:19:56 -05:00
Brendan Coles 69031fa91f Add Apache Flink JAR Upload Java Code Execution 2021-02-22 23:00:57 +00:00
Tim W edea755096 Land #14740, CVE-2021-3156 Sudo LPE (AKA: Baron Samedit) Improvements 2021-02-22 17:48:33 +00:00
A Galway f227e82600 Land #14730, OBM Local PrivEsc to SYSTEM 2021-02-15 10:24:34 +00:00
Shelby Pace c1e2cfd9e7 Land #14744, add Klog Server unauth cmd injection 2021-02-12 11:40:57 -06:00
Brendan Coles bdc2041c83 Add Klog Server authenticate.php user Unauthenticated Command Injection 2021-02-12 17:07:52 +00:00
Spencer McIntyre 77cc799974 Fix a target version discrepancy in the CVE-2020-17132 docs 2021-02-11 18:04:03 -05:00
Spencer McIntyre cb8cd89a90 Update the module docs for cve-2021-3156 2021-02-11 11:57:05 -05:00
Christophe De La Fuente 88eaf97e79 Land #14607, Updates for Exchange ECP DLP Policy Exploit 2021-02-11 15:15:34 +01:00
Christophe De La Fuente 85b7e85d0b Land #14671, Micro Focus Multiple Products Authenticated RCE (CVE-2020-11853) 2021-02-09 18:24:57 +01:00
Pedro Ribeiro d884df96e2 fix msftidy docs 2021-02-09 14:37:35 +07:00
Pedro Ribeiro 79cac47ba3 add suggestions by cdelafuente-r7 2021-02-09 14:24:49 +07:00
Spencer McIntyre 7281d00938 Implement feedback from PR review 2021-02-04 09:25:40 -05:00
Spencer McIntyre c33c08bae9 Add a check method using the version information 2021-02-03 18:16:13 -05:00
Spencer McIntyre c590d7b1bb Add module docs and be more permissive with Length formatting 2021-02-03 18:16:13 -05:00
Pedro Ribeiro 90f8c1f7b9 add tested for 2019.11 too 2021-01-30 21:54:48 +07:00
Pedro Ribeiro 33edfaa8f6 mention that it has been tested on 2019.11 too 2021-01-30 21:47:31 +07:00
Pedro Ribeiro 137664818d add obm windows privesc sploit 2021-01-29 18:45:33 +07:00
Pedro Ribeiro b8fe5fabf8 fix typo another typo 2021-01-28 22:50:05 +07:00
Pedro Ribeiro 446316ef6c fix typo at the end of app list 2021-01-28 22:49:32 +07:00
Pedro Ribeiro dcd9a6a214 add more clarification regarding affected products 2021-01-28 20:41:08 +07:00
Pedro Ribeiro 7ea5c3ffce add clarification about c3p0 2021-01-28 18:23:20 +07:00
Pedro Ribeiro c73fa70543 do the rubocop thing and add docs 2021-01-28 18:21:51 +07:00
bwatters 9174958489 Land #14627, Add PRTG Network Monitor RCE (CVE-2018-9276) 
Merge branch 'land-14627' into upstream-master
 2021-01-27 15:48:27 -06:00
Spencer McIntyre 74898461b4 Land #14654, Add exploit for Micro Focus UCMDB unauthenticated RCE 2021-01-27 10:00:22 -05:00
Spencer McIntyre fc6957fbf6 Fix a couple of issues in the markdown formatting 2021-01-27 10:00:02 -05:00
adfoster-r7 ba730d5c3c Land #14618, Add exploit for CVE-2020-28949: Archive_Tar PEAR plugin arbitrary file write 2021-01-25 12:12:12 +00:00
Pedro Ribeiro 7220dc3ff6 add new note on broken payloads 2021-01-24 22:39:01 +07:00
Pedro Ribeiro 12157163f7 Merge branch 'obm_deser' into ucmdb 2021-01-24 22:25:57 +07:00
Pedro Ribeiro bf4ac7b1a8 add UCMDB sploit 2021-01-24 22:25:45 +07:00
Grant Willcox 0ec99c03f9 Clean up documentation formatting a little bit 2021-01-22 14:27:57 -06:00
William Vu 00cbc33ebb Add module doc 2021-01-22 01:06:14 -06:00
William Vu 7ce10f68ae RuboCop for great justice 
And update docs.
 2021-01-21 10:44:18 -06:00
William Vu a336ee483a Update exploit/unix/smtp/opensmtpd_mail_from_rce 
Failure was caused by POSIX read requiring an argument.
 2021-01-21 03:56:19 -06:00
JulienBedel 8f6dd43025 Add documentation 2021-01-18 12:02:46 +01:00
Grant Willcox 95d3bd98ac Do msftidy_docs and rubocop changes 2021-01-15 18:10:23 -06:00
Grant Willcox 2f0abe4900 Add in documentation and fix up small issues with module 2021-01-15 18:06:07 -06:00
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
Spencer McIntyre 7936ce8b5e Update the documentation with additional information 2021-01-13 09:53:10 -05:00
bwatters d8e68e6487 Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module 2021-01-12 11:45:53 -06:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe 
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
 2021-01-11 16:02:58 -06:00
Shelby Pace 7aef731267 Land #14572, add AIT CSV import rce 2021-01-11 15:37:05 -06:00
h00die 7d7263cf1f spelling 2021-01-09 08:13:19 -05:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
Grant Willcox 3e52debd8b Update the exploit a bit more to remove excess options and also update the documentation accordingly. 2021-01-06 12:16:06 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00