adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,852 Commits 27 Branches 1,043 Tags
f5aafdcfdfd153695d91890cf7ed0fab9d3df1bd
Commit Graph

1072 Commits

Author SHA1 Message Date
msutovsky-r7 140b93e802 Land #20022, Langflow RCE module 
Add Langflow unauth RCE module (CVE-2025-3248)
 2025-04-14 08:24:44 +02:00
Takah1ro c7fdcc8e91 Update the document 2025-04-12 10:21:13 +09:00
Takah1ro f67dfe6a62 Update check 2025-04-11 21:51:45 +09:00
Takahiro Yokoyama 0c20606c8c Update documentation/modules/exploit/multi/http/langflow_unauth_rce_cve_2025_3248.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-11 20:44:03 +09:00
msutovsky-r7 0b4e133001 Land #20018, pgAdmin Authenticated RCE (CVE-2025-2945) 
pgAdmin Query Tool Authenticated RCE (CVE-2025-2945)
 2025-04-11 10:34:02 +02:00
Takah1ro 718a0bc5c7 Change directory from linux to multi 2025-04-11 14:45:10 +09:00
Jack Heysel 4cec129e1c Responded to comments 2025-04-10 10:53:05 -07:00
Jack Heysel ddb29d6181 Removed unnecessary method 2025-04-10 07:18:42 -07:00
Jack Heysel 290a35b0f6 pgAdmin Query Tool Authenticated RCE (CVE-2025-2945) 2025-04-09 17:32:10 -07:00
Brendan 4da78bd550 Merge pull request #19994 from sfewer-r7/CVE-2021-35587 
Adds exploit module for CVE-2021-35587, an unauthenticated deserialization vulnerability affecting Oracle Access Manager (OAM).
 2025-04-08 08:59:18 -05:00
Stephen Fewer 03f5291bcc Improve the documentation, fix typo in console commands, add comment to wait for DB container to complete setup (Thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:41:47 +01:00
Stephen Fewer 16e374750f Improve the documentation, add steps to create /opt/oracle/user_projects (thanks Brendan). 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-04-08 09:40:21 +01:00
jheysel-r7 d16eeab32c Merge pull request #19995 from chutton-r7/cve-2025-24813 
Module for CVE-2025-24813
 2025-04-02 14:20:52 -07:00
Jack Heysel b85faf9440 Update documentation 2025-04-02 14:10:46 -07:00
Jack Heysel 6816589378 Added FileDropper for cleanup 2025-04-02 13:37:39 -07:00
Jack Heysel fefb954827 Correct Tomcat version listed in Scenarios section 2025-04-02 13:02:26 -07:00
Jack Heysel 4058173a1c Correct spelling 2025-04-02 12:57:20 -07:00
sfewer-r7 b44540bc35 update docs to give some more detail on the testing setup 2025-04-02 20:51:39 +01:00
Jack Heysel 1e58d419f6 Updated docs, added Setup steps 2025-04-02 12:03:21 -07:00
sfewer-r7 dc74b37577 add in a scenario for the Unix Command target to the docs 2025-04-02 15:32:18 +01:00
chutton-r7 917aaeb027 Add module docs 2025-04-02 10:22:01 +01:00
sfewer-r7 c5d3512659 update docs 2025-04-01 13:05:28 +01:00
sfewer-r7 acafd884b5 add in the initial exploit for CVE-2021-35587, only tested on 12.2.1.4.0 so far. 2025-04-01 12:56:38 +01:00
tastyrce 8479350b3e Update documentation 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2025-03-28 03:17:47 +11:00
tastyrce 8423d6ff87 Update removal of default page while installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:11:21 +11:00
tastyrce 9bdff3e803 Add extra dependencies during installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:10:32 +11:00
tastyrce 162e73a62e add module documentation 2025-03-22 04:57:38 -04:00
Brendan 9bd8590b99 Merge pull request #19793 from sfewer-r7/CVE-2024-55956 
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution (CVE-2024-55956)
 2025-01-15 15:04:45 -06:00
h00die 1a839c0b33 move acronis_cyber_protect_unauth_rce_cve_2022_3405 inside the http folder 2025-01-09 16:30:51 -05:00
sfewer-r7 3ff685b70e fix three typos 2025-01-06 09:42:21 +00:00
sfewer-r7 fe7334fae2 add in CVE-2024-55956 exploit 2025-01-06 09:26:44 +00:00
jheysel-r7 f436f44d83 Merge pull request #19698 from h00die/obsidian 
obsidian community plugin persistence module
 2024-12-30 09:06:58 -08:00
Martin Sutovsky 531ed162db Land #19733, exploit module for CVE-2022-40471 - unauthenticated RCE 2024-12-18 12:44:34 +01:00
jheysel-r7 6f9982db54 Land #19647 Added module for WSO2 API Manager RCE 
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
 2024-12-16 07:27:23 -08:00
aaryan-11-x d196591845 Modified documentation 2024-12-16 15:47:30 +05:30
aaryan-11-x 06528abe05 Added documentation 2024-12-16 15:33:29 +05:30
h00die 77d0292be3 additional review for obsidian plugin 2024-12-14 17:38:29 -05:00
Chocapikk e06dd6deea Update documentation 2024-12-12 22:10:11 +01:00
h00die 7cf942ca30 peer review 2024-12-11 17:49:43 -05:00
Chocapikk 7d559e0b34 Add exploit module for CVE-2024-8856 - WP Time Capsule RCE 2024-12-11 01:14:17 +01:00
jheysel-r7 0b5e221620 Land #19533, Update werkzeug rce module 2024-12-09 12:56:35 -08:00
Graeme Robinson 4ce4cf472e Update werkzeug_debug_rce.md 
Added note about python3 version in verification steps because the version may change when a newer docker image becomes available.

Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
 2024-12-08 21:11:03 +00:00
jheysel-r7 0e5cf3f7ba Land #19649, Primefaces RCE (CVE-2017-1000486) 2024-12-06 16:22:06 -08:00
h00die 6723c585f2 obsidian plugin module 2024-12-05 17:54:07 -05:00
Chocapikk 5290750cca Update doc 2024-12-05 16:19:14 +01:00
Chocapikk a123234141 Add CVE-2024-10924 2024-12-05 16:19:09 +01:00
Heyder Andrade fabced539d Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-04 16:44:48 +01:00
h00die-gr3y a945a54fc3 Merge remote-tracking branch 'origin/master' into acronis-rce 2024-11-27 21:50:53 +00:00
h00die 492ccca1aa review 2024-11-23 12:43:35 -05:00
Heyder Andrade dc445ed1ac Apply suggestions from code review 2024-11-23 00:57:08 +01:00