adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

10172 Commits

Author SHA1 Message Date
sinn3r d1523c59a9 Land #3965 - BMC Track-It! Arbitrary File Upload 2014-10-17 19:47:42 -05:00
sinn3r 8b5a33c23f Land #4044 - MS14-060 "Sandworm" 2014-10-17 16:46:32 -05:00
William Vu d5b698bf2d Land #3944, pkexec exploit 2014-10-17 16:30:55 -05:00
jvazquez-r7 70f8e8d306 Update description 2014-10-17 16:17:00 -05:00
jvazquez-r7 e52241bfe3 Update target info 2014-10-17 16:14:54 -05:00
jvazquez-r7 7652b580cd Beautify description 2014-10-17 15:31:37 -05:00
jvazquez-r7 d831a20629 Add references and fix typos 2014-10-17 15:29:28 -05:00
sinn3r ef1556eb62 Another update 2014-10-17 13:56:37 -05:00
jvazquez-r7 8fa648744c Add @wchen-r7's unc regex 2014-10-17 13:46:13 -05:00
William Vu 10f3969079 Land #4043, s/http/http:/ splat 
What is a splat?
 2014-10-17 13:41:07 -05:00
William Vu dbfe398e35 Land #4037, Drupageddon exploit 2014-10-17 12:39:59 -05:00
William Vu a514e3ea16 Fix bad indent (should be spaces) 
msftidy is happy now.
 2014-10-17 12:39:25 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
jvazquez-r7 e5903562ee Delete bad/incomplete validation method 2014-10-17 10:36:01 -05:00
sinn3r a79427a659 I shoulda checked before git commit 2014-10-17 00:54:45 -05:00
sinn3r 4c0048f26a Update description 2014-10-17 00:46:17 -05:00
sinn3r 3a63fa12b8 'ppsx_module_smaller' to branch cve_2014_4114 2014-10-17 00:10:57 -05:00
William Vu e242bf914f Land #4031, fixes for pureftpd_bash_env_exec 2014-10-16 19:55:09 -05:00
jvazquez-r7 1d16bd5c77 Fix vulnerability discoverer 2014-10-16 18:01:45 -05:00
jvazquez-r7 807f1e3560 Fix target name 2014-10-16 17:58:45 -05:00
jvazquez-r7 c1f9ccda64 Fix ruby 2014-10-16 17:55:00 -05:00
jvazquez-r7 e40642799e Add sandworm module 2014-10-16 16:37:37 -05:00
Brandon Perry 353d2f79cc tweak pw generation 2014-10-16 12:06:19 -07:00
Brandon Perry 5f8c0cb4f3 Merge branch 'drupal' of https://github.com/FireFart/metasploit-framework into drupageddon 2014-10-16 11:53:54 -07:00
Christian Mehlmauer c8dd08f605 password hashing 2014-10-17 15:52:47 +02:00
Brandon Perry 23b7b8e400 fix for version 7.0-7.31 2014-10-16 11:53:48 -07:00
Brandon Perry 9bab77ece6 add urls 2014-10-16 10:36:37 -07:00
Brandon Perry b031ce4df3 Create drupal_drupageddon.rb 2014-10-16 16:42:47 -05:00
Brandon Perry 5c4ac48db7 update the drupal module a bit with error checking 2014-10-16 10:32:39 -07:00
Spencer McIntyre 09069f75c2 Fix #4019, fix NameError peer and disconnect in check 2014-10-16 08:32:20 -04:00
Fernando Munoz 4c2ae1a753 Fix jenkins when CSRF is enabled 2014-10-14 19:33:23 -05:00
Tod Beardsley 9f6008e275 A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 4f8801eeba Land #3651, local Bluetooth exploit a @KoreLogic 
This started life as #3653. I'll take this out of unstable as well,
since it got there on commit b10cbe4f
 2014-10-14 13:13:34 -05:00
Tod Beardsley b1223165d4 Trivial grammar fixes 2014-10-14 12:00:50 -05:00
jvazquez-r7 39a09ad750 Use ARCH_CMD on Windows target 2014-10-14 10:24:32 -05:00
jvazquez-r7 a0fc0cf87f Update ranking 2014-10-13 17:44:00 -05:00
jvazquez-r7 ca05c4c2f4 Fix @wchen-r7's feedback 
* use vprint_* on check
* rescue get_once
 2014-10-12 17:44:33 -05:00
us3r777 444b01c4b0 Typo + shorten php serialized object 2014-10-12 21:29:04 +02:00
jvazquez-r7 46bf8f28e0 Fix regex 2014-10-11 21:37:05 -05:00
jvazquez-r7 6092e84067 Add module for ZDI-14-344 2014-10-11 21:33:23 -05:00
0a2940 e689a0626d Use Rex.sleep :-) 
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"

user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
 2014-10-10 10:05:46 +01:00
Pedro Ribeiro 4b7a446547 ... and restore use of the complicated socket 2014-10-09 18:30:45 +01:00
Pedro Ribeiro c78651fccc Use numbers for version tracking 2014-10-09 18:29:27 +01:00
us3r777 2428688565 CVE-2014-7228 Joomla/Akeeba Kickstart RCE 
Exploit via serialiazed PHP object injection. The Joomla! must be
updating more precisely, the file $JOOMLA_WEBROOT/administrator/
components/com_joomlaupdate/restoration.php must be present
 2014-10-09 18:51:24 +02:00
Christian Mehlmauer 1584c4781c Add reference 2014-10-09 06:58:15 +02:00
jvazquez-r7 4f96d88a2f Land #3949, @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload 2014-10-08 16:35:49 -05:00
jvazquez-r7 66a8e7481b Fix description 2014-10-08 16:35:14 -05:00
jvazquez-r7 8ba8402be3 Update timeout 2014-10-08 16:32:05 -05:00
jvazquez-r7 bbf180997a Do minor cleanup 2014-10-08 16:29:11 -05:00
Jay Smith 7dd6a4d0d9 Merge in changes from @todb-r7. 2014-10-08 13:25:44 -04:00