12b78c086d
Update commvault_rce_cve_2025_57790_cve_2025_57791.rb
...
Remove an empty line that msftidy doesn't like
2025-09-15 11:19:49 -05:00
ddc5abf20c
Update commvault_rce_cve_2025_57790_cve_2025_57791.rb
...
Remove a commented out line that isn't needed.
2025-09-15 10:56:30 -05:00
bb3a26cff1
Implement peer review suggestions for Commvault module
...
Implementing commvault_rce_cve_2025_57790_cve_2025_57791.rb changes from peer review.
2025-09-15 10:54:34 -05:00
b754b7027c
Merge branch 'rapid7:master' into commvault_rce_cve_2025_57790_cve_2025_57791
2025-09-15 10:47:38 -05:00
5ab864b9b1
Uses between? for version check, clearer webshell upload
2025-09-11 11:04:34 +02:00
be546af7c0
Revise and move commvault_rce_cve_2025_57790_cve_2025_57791.rb
...
Revised initial module and moved it to windows instead of multi.
2025-09-05 23:04:02 -05:00
d056164d89
Removes redundant definitions
2025-09-01 15:53:14 +02:00
2533ddf441
Rubocoping
2025-08-26 12:42:28 +02:00
b43b4c9f37
Updates library, addressing comments
2025-08-25 17:49:34 +02:00
da5b20faa4
Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init
2025-08-20 10:59:22 +02:00
8c28c7dbae
Code changes for 34510, adds module for CVE-2025-34511
2025-08-20 09:58:26 +02:00
7ab12460f1
Fixing payloads
2025-08-19 16:11:25 +02:00
96791403db
Adds malicious zip upload
2025-08-19 09:56:23 +02:00
52efe8d6de
Module init
2025-08-15 14:37:09 +02:00
0a923a611d
reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704.
2025-08-06 15:33:57 +01:00
228a066521
add a reference to the Kaspersky analysis which covers all 4 CVEs
2025-07-25 12:26:55 +01:00
36fff14466
fix a comment typo
2025-07-25 11:04:18 +01:00
f16f7bf2ad
add in reference to teh LeakIX blog, which shows CVE-2025-53771
2025-07-25 11:02:55 +01:00
ae95d3d4e8
add a comment to clarify what CVE-2025-53771 is
2025-07-25 11:02:08 +01:00
8df7f64e79
add some comments to clarify what CVE-2025-49704 is
2025-07-25 11:01:41 +01:00
6d9d9a70d4
add some comments to clarify what CVE-2025-49706 is
2025-07-25 11:01:22 +01:00
a81710486e
add in a reference to the new technical analysis from the origional finder
2025-07-24 12:15:24 +01:00
899e275155
Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix.
...
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
2025-07-23 23:51:42 +01:00
b8cf458706
the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix.
2025-07-23 23:03:43 +01:00
7838e06f4f
reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines
2025-07-23 17:36:56 +01:00
d2a1f7bae9
add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
2025-07-23 12:40:14 +01:00
a0bb2d8c89
Merge pull request #20298 from bcoles/modules-SSL
...
Modules: Convert SSL default option to Boolean in several modules
2025-06-26 15:00:59 +01:00
04a18fb3ca
Updates modules to remove non-printable chars
2025-06-25 14:19:56 +01:00
a454217bd4
Update info -d markdown
2025-06-24 11:21:49 +01:00
37388ca1be
Adds sentinel values to modules missing notes
2025-06-23 12:24:58 +01:00
b483312eca
Modules: Convert SSL default option to Boolean in several modules
2025-06-23 19:38:36 +10:00
a4b14d8b64
Runs Rubocop to fix layout in modules
2025-06-20 15:18:01 +01:00
42f31c0fce
Fixes some conditionals in modules
2025-06-20 14:57:03 +01:00
3272ee0f28
Modules: Convert DisableNops property to Boolean in several modules
2025-06-10 23:57:52 +10:00
ce6e0d1164
Merge pull request #20096 from h00die-gr3y/CVE-2025-30406
...
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
2025-05-28 13:46:13 +02:00
647545c5ef
Update magicinfo_traversal.rb
2025-05-15 22:13:08 +01:00
bd181f8a13
Update magicinfo_traversal.rb
2025-05-15 22:11:23 +01:00
6d2a1e529e
Update magicinfo_traversal.rb
2025-05-15 20:11:59 +01:00
e9c88b55f2
cleanup
2025-05-09 22:39:30 +01:00
803581ab81
CVE-2024-7399
2025-05-09 17:27:22 +01:00
2baabfa17b
update check method to detected other vulnerable services
2025-05-03 14:08:49 +00:00
1c5be6154a
second release including Triofox + documentation
2025-05-02 20:42:14 +00:00
a6aca51230
initial module
2025-04-28 21:00:55 +00:00
4c5e0203dd
Refactor pgAdmin modules to use new lib
2025-04-11 15:55:46 -07:00
fa0c29837e
Update author, rubocop, msftidy_docs
2025-03-27 09:36:10 -07:00
d54e8d8749
Add check method that returns Detected
2025-03-27 09:28:28 -07:00
24a785d6b0
Target and metadata updates
2025-03-25 11:56:15 -07:00
abeeb091fd
Rubocop
2025-03-25 11:18:48 -07:00
a0ca1b10af
Create sitecore_xp_cve_2025_27218.rb
2025-03-05 17:54:54 -05:00
152710403d
Land #19330 , Add SSL opt in start_service
...
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
2024-09-05 09:08:07 -07:00
remmons-r7