afeded56aa
Land #20384 , adds module for malicious Windows Registration Entries files
...
Add Malicious Windows Registration Entries (.reg) File module
2025-07-24 12:29:34 +02:00
05f2012ccc
Merge pull request #20338 from Chocapikk/xorcom
...
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
2025-07-22 08:19:36 -07:00
8fe815da6f
Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt
...
Updates docs to reflect new default prompt
2025-07-17 12:53:02 +01:00
adff497bd2
Updates msf5 as well
2025-07-17 11:51:29 +01:00
18d61d3763
Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce
...
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
2025-07-17 11:58:54 +02:00
ca9535e39a
Update pandora_fms_auth_netflow_rce.md
2025-07-17 11:29:07 +02:00
469f102596
Updates docs to reflect new default prompt
2025-07-17 09:53:40 +01:00
b06903810c
feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs
2025-07-16 21:25:17 +02:00
f773e3aef9
Updates docs
2025-07-16 12:25:28 +02:00
c5ec45452a
Add Malicious Windows Registration Entries (.reg) File module
2025-07-13 23:41:59 +10:00
ffdfa07954
Land #20354 , adds module for ISPConfig code injection (CVE-2023-46818)
...
Add module for ISPConfig Code Injection (CVE-2023-46818)
2025-07-09 07:47:56 +02:00
ffa2152a6a
Updates docs
2025-07-07 11:56:53 +02:00
b9ee9ba88c
Update wingftp_null_byte_rce.md
2025-07-03 19:43:06 +02:00
ef3ddec3dd
Update documentation/modules/exploit/multi/http/wingftp_null_byte_rce.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2025-07-03 19:41:34 +02:00
5b268bd4b4
Fix documentation and typos
2025-07-01 22:50:01 +02:00
1a4a15e83b
Add WingFTP unauthenticated RCE (CVE-2025-47812)
2025-07-01 19:15:15 +02:00
5c8d918e3d
Fixes documentation
2025-06-28 17:07:44 +02:00
840ae0f317
resolved: issues
2025-06-27 19:42:35 +05:30
a7b038b822
Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce
...
Adds module for Skyvern SSTI (CVE-2025-49619)
2025-06-27 14:14:40 +02:00
37e8780a6b
Code refactor, docs
2025-06-27 10:26:31 +02:00
7b845fa3df
Fixed documentation issues
2025-06-26 12:08:51 +02:00
240bc828f1
Removing header
2025-06-26 12:08:51 +02:00
d787444137
Add exploit module for ISPConfig language_edit.php PHP Code Injection (CVE-2023-46818)
...
- Adds modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
- Adds documentation for the module in documentation/modules/exploit/linux/http/ispconfig_lang_edit_php_code_injection.md
- Module targets ISPConfig < 3.2.11p1 with admin_allow_langedit enabled
- References and implementation based on PoC and advisories at https://github.com/SyFi/CVE-2023-46818
2025-06-25 22:27:52 +05:30
fdc78b40bb
Add more clear installation steps
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2025-06-25 15:17:58 +02:00
fde78bf73f
Land #20324 , adds exploit for UNC path in .url files (CVE-2025-33053)
...
Adds exploit module for Internet Shortcut UNC path vulnerability (CVE-2025-33053)
2025-06-25 11:23:23 +02:00
6d843385ec
Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094
...
Adds module for Tatsu WP plugin (CVE-2021-25094)
2025-06-25 10:58:22 +02:00
afdad8ed4c
chore(wp_tatsu_rce): msftidy_docs fix
2025-06-25 10:16:49 +02:00
13cd2d2e51
Minor code changes, updates documentation
2025-06-24 16:22:42 +02:00
a67c883e0c
Removes unnecessary header
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2025-06-24 15:48:38 +02:00
be8864fe84
Merge pull request #20339 from bcoles/exploit-windows-fileformat-ms_visual_basic_vbp
...
exploit/windows/fileformat/ms_visual_basic_vbp: Add offsets, cleanup, document
2025-06-23 10:41:14 +01:00
ca142599e8
Module init
2025-06-23 10:27:27 +02:00
e1dec29ef9
exploit/windows/browser/ms08_070_visual_studio_msmask: Cleanup and add documentation
2025-06-23 00:38:44 +10:00
c0baf1888b
exploit/windows/fileformat/ms_visual_basic_vbp: Add offsets, cleanup, document
2025-06-23 00:11:54 +10:00
2a008c83d1
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005, 30006)
2025-06-22 09:07:20 +02:00
c0dfbf43f2
Merge pull request #20235 from Chocapikk/vbulletin_replace_ad_template_rce
...
vBulletin replaceAdTemplate Remote Code Execution
2025-06-19 14:20:16 +02:00
ec5ba0bd0d
Final code for CVE-2025-33053 exploit module
2025-06-17 23:03:36 -04:00
20b8a9fcd3
Add some features and fix bugs for CVE-2025-33053 exploit module
2025-06-17 22:59:34 -04:00
20629fe6b8
Add some features and fix all errors for CVE-2025-33053 exploit module
2025-06-17 02:49:10 -04:00
f81ddf82f1
Add some features for CVE-2025-33053 exploit module
2025-06-17 01:00:35 -04:00
4fe750a946
Removing redundant comment
2025-06-13 10:33:58 +02:00
3abe9b46c0
Addressing comments
2025-06-13 10:32:39 +02:00
0b2e4bc337
Adds module for CVE-2021-25094
2025-06-11 19:03:00 +02:00
f2920f868a
Land #20291 , adds Roundcube post-authentication RCE (CVE-2025-49113)
...
Add Remote for Roundсube CVE-2025-49113 post-authentication RCE module
2025-06-11 10:48:58 +02:00
ed643c3bc6
Update roundcube_auth_rce_cve_2025_49113.md
2025-06-09 18:42:52 +03:00
f20e72b6c8
Land #20256 , adds RCE module for Remote For Mac 2025.7
...
Add Remote for Mac 2025.6 unauthenticated RCE module
2025-06-08 16:03:58 +02:00
d97b09a898
Rename roundcube_unauth_rce_cve_2025_49113.md to roundcube_auth_rce_cve_2025_49113.md
2025-06-07 16:46:30 +03:00
bd811a3cd1
Update roundcube_unauth_rce_cve_2025_49113.md
2025-06-07 04:45:54 +03:00
a4638ad632
Update Documentation
2025-06-07 05:35:18 +04:00
96d7929972
Add Documentation for Roundcube CVE-2025-49113 unauthenticated RCE module
2025-06-07 05:28:45 +04:00
19e8e6cdf8
Merge pull request #20187 from Chocapikk/wp_ottokit
...
Add CVE-2025-27007 in existing `exploit(multi/http/wp_suretriggers_auth_bypass)` module
2025-06-05 11:03:00 -05:00
msutovsky-r7