adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
affd8eec6b9dc0ee83dd2f1cefc200e0e8a7da3f
metasploit-gs/modules/exploits/linux/http
T
History
Tod Beardsley daa3076d42 Add CVE-2018-1000999 to MailCleaner module 
See PR #11148

This adds the new CVE assigned by DWF for this vulnerability.

Note that [CVE-2018-10933](https://www.cvedetails.com/cve/CVE-2018-10933/)
describes a vulnerability in libssh, but this one describes the issue as
it pertains to MailCleaner specifically.
2019-01-23 09:27:12 -06:00
..
accellion_fta_getstatus_oauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
advantech_switch_bash_env_exec.rb
Land #10570, AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
airties_login_cgi_bof.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
alcatel_omnipcx_mastercgi_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
alienvault_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
alienvault_sqli_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
apache_continuum_cmd_exec.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
apache_couchdb_cmd_exec.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
astium_sqli_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
asuswrt_lan_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
atutor_filemanager_traversal.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
axis_srv_parhand_rce.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
belkin_login_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
centreon_sqli_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
centreon_useralias_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cfme_manageiq_evm_upload_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cisco_firepower_useradd.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
cisco_prime_inf_rce.rb
Add warning about JSP deletion
2018-11-05 00:52:34 +09:00
crypttech_cryptolog_login_exec.rb
40% done
2017-08-28 20:17:58 -04:00
dcos_marathon.rb
40% done
2017-08-28 20:17:58 -04:00
ddwrt_cgibin_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
denyall_waf_exec.rb
Add cve and vendor article to the denyall_waf_exec module
2017-10-04 12:11:58 +03:00
dlink_authentication_cgi_bof.rb
40% done
2017-08-28 20:17:58 -04:00
dlink_command_php_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dcs931l_upload.rb
revisionism
2019-01-10 19:19:14 +00:00
dlink_dcs_930l_authenticated_remote_command_execution.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_diagnostic_exec_noauth.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
dlink_dir300_exec_telnet.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dir605l_captcha_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dir615_up_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dir850l_unauth_exec.rb
Clean up module
2017-11-10 18:15:22 -06:00
dlink_dsl2750b_exec_noauth.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
dlink_dspw110_cookie_noauth_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_dspw215_info_cgi_bof.rb
40% done
2017-08-28 20:17:58 -04:00
dlink_hedwig_cgi_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_hnap_bof.rb
40% done
2017-08-28 20:17:58 -04:00
dlink_hnap_header_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
dlink_hnap_login_bof.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
dlink_upnp_exec_noauth.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
dnalims_admin_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
docker_daemon_tcp.rb
bypass user namespaces
2017-11-15 15:14:58 +01:00
dolibarr_cmd_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
dreambox_openpli_shell.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
efw_chpasswd_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
empire_skywalker.rb
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
esva_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
f5_icall_cmd.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
f5_icontrol_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
foreman_openstack_satellite_code_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
fritzbox_echo_exec.rb
Update CVE references for exploit modules
2018-07-08 18:46:04 -05:00
github_enterprise_secret.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
gitlist_exec.rb
40% done
2017-08-28 20:17:58 -04:00
goahead_ldpreload.rb
Small tweaks based on @bcoles feedback. Thanks!
2017-12-29 16:17:53 -06:00
goautodial_3_rce_command_injection.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
gpsd_format_string.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
groundwork_monarch_cmd_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hadoop_unauth_exec.rb
Update the check method.
2018-08-03 01:39:37 -04:00
hp_system_management.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
hp_van_sdn_cmd_inject.rb
Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit
2018-12-13 12:22:36 -06:00
huawei_hg532n_cmdinject.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
ibm_qradar_unauth_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
ipfire_bashbug_exec.rb
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
ipfire_oinkcode_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
ipfire_proxy_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
kaltura_unserialize_cookie_rce.rb
Use stylistic suggestions from rubocop
2017-11-21 14:30:13 +01:00
kaltura_unserialize_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
kloxo_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
lifesize_uvc_ping_rce.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
linksys_apply_cgi.rb
40% done
2017-08-28 20:17:58 -04:00
linksys_e1500_apply_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
linksys_themoon_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
linksys_wrt54gl_apply_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
linksys_wrt110_cmd_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
linksys_wrt160nv2_apply_exec.rb
40% done
2017-08-28 20:17:58 -04:00
linksys_wvbr0_user_agent_exec_noauth.rb
Ranking upgrade and uses agent key instead of manually setting user-agent in headers
2017-12-21 23:10:26 -06:00
logsign_exec.rb
40% done
2017-08-28 20:17:58 -04:00
mailcleaner_exec.rb
Add CVE-2018-1000999 to MailCleaner module
2019-01-23 09:27:12 -06:00
microfocus_secure_messaging_gateway.rb
Fixing r and sql variables use same object issue
2018-07-31 00:57:32 +03:00
multi_ncc_ping_exec.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
mutiny_frontend_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
mvpower_dvr_shell_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
nagios_xi_chained_rce_2_electric_boogaloo.rb
Replace WsfDelay with WfsDelay - Fixes #11018
2018-11-25 04:22:11 +00:00
nagios_xi_chained_rce.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
netgear_dgn1000_setup_unauth_exec.rb
Clean up module
2017-11-10 18:15:22 -06:00
netgear_dgn1000b_setup_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netgear_dgn2200b_pppoe_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netgear_dnslookup_cmd_exec.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
netgear_r7000_cgibin_exec.rb
fix msftidy errors
2018-08-28 13:12:43 +02:00
netgear_readynas_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
netgear_unauth_exec.rb
Fixing indentation.
2018-11-12 13:24:00 +08:00
netgear_wnr2000_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
nginx_chunked_size.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
nuuo_nvrmini_auth_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
nuuo_nvrmini_unauth_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
op5_config_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
openfiler_networkcard_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
pandora_fms_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pandora_fms_sqli.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
panos_readsessionvars.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
peercast_url.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
php_imap_open_rce.rb
Add CVE as issued by DWF
2018-12-06 14:59:05 -06:00
pineapp_ldapsyncnow_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pineapp_livelog_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
pineapp_test_li_conn_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
pineapple_bypass_cmdinject.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
pineapple_preconfig_cmdinject.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
piranha_passwd_exec.rb
Change author name to nick.
2017-11-09 03:00:24 +11:00
qnap_qcenter_change_passwd_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
raidsonic_nas_ib5220_exec_noauth.rb
Remove CommandShell mixin in exploits
2018-12-12 15:43:13 -06:00
railo_cfml_rfi.rb
40% done
2017-08-28 20:17:58 -04:00
rancher_server.rb
Payload space, error handling and style"
2017-10-07 01:12:24 +02:00
realtek_miniigd_upnp_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
riverbed_netprofiler_netexpress_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
samsung_srv_1670d_upload_exec.rb
Update module and add documentation
2018-01-10 20:13:42 -06:00
seagate_nas_php_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
smt_ipmi_close_window_bof.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
sophos_wpa_iface_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
sophos_wpa_sblistpack_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
spark_unauth_rce.rb
Add Imran Rashid to CVE-2018-11770 credit
2019-01-14 15:28:08 -06:00
supervisor_xmlrpc_exec.rb
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
symantec_messaging_gateway_exec.rb
40% done
2017-08-28 20:17:58 -04:00
symantec_web_gateway_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_file_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_lfi.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_pbcontrol.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
symantec_web_gateway_restore.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
synology_dsm_sliceupload_exec_noauth.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tiki_calendar_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
tp_link_sc2020n_authenticated_telnet_injection.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
tr064_ntpserver_cmdinject.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
trend_micro_imsva_exec.rb
Update DisclosureDate to ISO 8601 in my modules
2018-11-16 12:18:28 -06:00
trendmicro_imsva_widget_exec.rb
Disabling bind type payloads
2017-10-10 09:37:24 +03:00
trendmicro_sps_exec.rb
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
trueonline_billion_5200w_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
trueonline_p660hn_v1_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
trueonline_p660hn_v2_rce.rb
Fix http://seclists.org links to https://
2018-09-15 18:54:45 -05:00
ueb_api_rce.rb
ueb priv esc suggestion
2019-01-09 20:28:53 -05:00
vap2500_tools_command_exec.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
vcms_upload.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wanem_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
wd_mycloud_multiupload_upload.rb
add cve reference
2017-12-13 18:50:21 -06:00
webcalendar_settings_exec.rb
40% done
2017-08-28 20:17:58 -04:00
webid_converter.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
wipg1000_cmd_injection.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
xplico_exec.rb
Updatig documentation and tweaking initiate_session
2017-11-15 01:04:06 +03:00
zabbix_sqli.rb
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
zen_load_balancer_exec.rb
revisionism
2019-01-10 19:19:14 +00:00
zenoss_showdaemonxmlconfig_exec.rb
revisionism
2019-01-10 19:19:14 +00:00