adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,820 Commits 27 Branches 1,043 Tags
fe4da472f01eda22abf9cbc75eb2f5efbbeecdee
Commit Graph

7155 Commits

Author SHA1 Message Date
Valentin Lobstein b9ee9ba88c Update wingftp_null_byte_rce.md 2025-07-03 19:43:06 +02:00
Valentin Lobstein ef3ddec3dd Update documentation/modules/exploit/multi/http/wingftp_null_byte_rce.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2025-07-03 19:41:34 +02:00
Chocapikk 5b268bd4b4 Fix documentation and typos 2025-07-01 22:50:01 +02:00
Chocapikk 1a4a15e83b Add WingFTP unauthenticated RCE (CVE-2025-47812) 2025-07-01 19:15:15 +02:00
Diego Ledda a7b038b822 Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce 
Adds module for Skyvern SSTI (CVE-2025-49619)
 2025-06-27 14:14:40 +02:00
Martin Sutovsky 7b845fa3df Fixed documentation issues 2025-06-26 12:08:51 +02:00
Martin Sutovsky 240bc828f1 Removing header 2025-06-26 12:08:51 +02:00
msutovsky-r7 fdc78b40bb Add more clear installation steps 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-06-25 15:17:58 +02:00
msutovsky-r7 fde78bf73f Land #20324, adds exploit for UNC path in .url files (CVE-2025-33053) 
Adds exploit module for Internet Shortcut UNC path vulnerability (CVE-2025-33053)
 2025-06-25 11:23:23 +02:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
Diego Ledda afdad8ed4c chore(wp_tatsu_rce): msftidy_docs fix 2025-06-25 10:16:49 +02:00
Martin Sutovsky 13cd2d2e51 Minor code changes, updates documentation 2025-06-24 16:22:42 +02:00
msutovsky-r7 a67c883e0c Removes unnecessary header 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-06-24 15:48:38 +02:00
adfoster-r7 be8864fe84 Merge pull request #20339 from bcoles/exploit-windows-fileformat-ms_visual_basic_vbp 
exploit/windows/fileformat/ms_visual_basic_vbp: Add offsets, cleanup, document
 2025-06-23 10:41:14 +01:00
Martin Sutovsky ca142599e8 Module init 2025-06-23 10:27:27 +02:00
bcoles e1dec29ef9 exploit/windows/browser/ms08_070_visual_studio_msmask: Cleanup and add documentation 2025-06-23 00:38:44 +10:00
bcoles c0baf1888b exploit/windows/fileformat/ms_visual_basic_vbp: Add offsets, cleanup, document 2025-06-23 00:11:54 +10:00
Diego Ledda c0dfbf43f2 Merge pull request #20235 from Chocapikk/vbulletin_replace_ad_template_rce 
vBulletin replaceAdTemplate Remote Code Execution
 2025-06-19 14:20:16 +02:00
DevBuiHieu ec5ba0bd0d Final code for CVE-2025-33053 exploit module 2025-06-17 23:03:36 -04:00
DevBuiHieu 20b8a9fcd3 Add some features and fix bugs for CVE-2025-33053 exploit module 2025-06-17 22:59:34 -04:00
DevBuiHieu 20629fe6b8 Add some features and fix all errors for CVE-2025-33053 exploit module 2025-06-17 02:49:10 -04:00
DevBuiHieu 540d18126d Add some features and delete old files for CVE-2025-33053 exploit module 2025-06-17 01:11:16 -04:00
DevBuiHieu f81ddf82f1 Add some features for CVE-2025-33053 exploit module 2025-06-17 01:00:35 -04:00
DevBuiHieu 98389f2889 Add module documentation for CVE-2025-33053 URL generator 2025-06-13 20:35:38 -04:00
Martin Sutovsky 4fe750a946 Removing redundant comment 2025-06-13 10:33:58 +02:00
Martin Sutovsky 3abe9b46c0 Addressing comments 2025-06-13 10:32:39 +02:00
Martin Sutovsky 0b2e4bc337 Adds module for CVE-2021-25094 2025-06-11 19:03:00 +02:00
msutovsky-r7 f2920f868a Land #20291, adds Roundcube post-authentication RCE (CVE-2025-49113) 
Add Remote for Roundсube CVE-2025-49113 post-authentication RCE module
 2025-06-11 10:48:58 +02:00
Maksim Rogov ed643c3bc6 Update roundcube_auth_rce_cve_2025_49113.md 2025-06-09 18:42:52 +03:00
msutovsky-r7 f20e72b6c8 Land #20256, adds RCE module for Remote For Mac 2025.7 
Add Remote for Mac 2025.6 unauthenticated RCE module
 2025-06-08 16:03:58 +02:00
Maksim Rogov d97b09a898 Rename roundcube_unauth_rce_cve_2025_49113.md to roundcube_auth_rce_cve_2025_49113.md 2025-06-07 16:46:30 +03:00
Maksim Rogov bd811a3cd1 Update roundcube_unauth_rce_cve_2025_49113.md 2025-06-07 04:45:54 +03:00
Vognik a4638ad632 Update Documentation 2025-06-07 05:35:18 +04:00
Vognik 96d7929972 Add Documentation for Roundcube CVE-2025-49113 unauthenticated RCE module 2025-06-07 05:28:45 +04:00
msutovsky-r7 0f522220d4 Land #20072, adds Maldoc in PDF fileformat module 
Add Maldoc in PDF polyglot fileformat module
 2025-06-06 14:36:24 +02:00
Spencer McIntyre a1e3a23eb4 Merge pull request #20262 from bwatters-r7/fix/vcenter_vmdir_gather 
Fix references to LDAP Datastore Options
 2025-06-05 17:44:21 -04:00
Brendan 19e8e6cdf8 Merge pull request #20187 from Chocapikk/wp_ottokit 
Add CVE-2025-27007 in existing `exploit(multi/http/wp_suretriggers_auth_bypass)` module
 2025-06-05 11:03:00 -05:00
Brendan cc98ef58d4 Merge pull request #20140 from h4x-x0r/CVE-2023-2915 
ThinManager Path Traversal Delete (CVE-2023-2915) Module
 2025-06-05 10:08:42 -05:00
Spencer McIntyre 602212fe9c Merge pull request #20282 from SweilemCodes/docs/Jenkins_enum 
Jenkins Enum Documentation Added
 2025-06-05 10:50:39 -04:00
Spencer McIntyre 166db38e67 Add missing newlines to render the markdown properly 2025-06-05 10:49:47 -04:00
Brendan 312d052a5c Merge pull request #20141 from h4x-x0r/CVE-2023-2917 
ThinManager Path Traversal Upload (CVE-2023-2917) Module
 2025-06-04 16:48:39 -05:00
Brendan 2a7f40dcc9 Merge pull request #20139 from h4x-x0r/CVE-2023-27856 
ThinManager Path Traversal Download (CVE-2023-27856) Module
 2025-06-04 14:03:21 -05:00
Brendan 10d443d5d9 Merge pull request #20138 from h4x-x0r/CVE-2023-27855 
ThinManager Path Traversal Upload (CVE-2023-27855) Module
 2025-06-04 12:41:34 -05:00
Brendan 26156dfac2 Merge pull request #20265 from remmons-r7/cve_2025_4427_4428 
Exploit module for CVE-2025-4427/CVE-2025-4428 - Ivanti EPMM (AKA MobileIron Core) Authentication Bypass to EL Injection
 2025-06-04 09:05:04 -05:00
remmons-r7 97f308386b Update documentation/modules/exploit/multi/http/ivanti_epmm_rce_cve_2025_4427_4428.md 
Update docs to reflect the new Python payload approach

Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-06-04 08:30:11 -05:00
msutovsky-r7 5fbf46ba7f Land #19472, adds exploits/linux/local/udev_persistence 
Add modules/exploits/linux/local/udev_persistence.rb
 2025-06-04 13:21:04 +02:00
Theo Sweilem ff78d179a3 Edited jenkins_enum Documentation 2025-06-03 23:36:13 -07:00
Theo Sweilem ac4e574eea Added jenkins_enum Documentation 2025-06-03 23:25:15 -07:00
Simon Janusz d497156f84 Merge pull request #20258 from zeroSteiner/fix/issue/20251 
Update the ldap options for shadow credentials
 2025-06-03 17:45:18 +01:00
Simon Janusz 043f8cb6b4 Merge pull request #20260 from zeroSteiner/fix/issue/20252 
Update the ldap/change_password module
 2025-06-03 17:44:26 +01:00