automatic module_metadata_base.json update

2019-04-24 11:19:11 -07:00 · 2019-04-24 11:19:11 -07:00 · 8a218f60a9
parent 470255cb2b
commit 8a218f60a9
1 changed files with 27 additions and 15 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -55804,7 +55804,7 @@
      "Unix In-Memory",
      "Linux Dropper"
    ],
-    "mod_time": "2019-04-03 19:10:27 +0000",
+    "mod_time": "2019-04-24 11:39:34 +0000",
    "path": "/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb",
    "is_install_path": true,
    "ref_name": "linux/upnp/belkin_wemo_upnp_exec",
@ -55812,16 +55812,16 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "NOCVE": "Patched in 2.00.8643 without vendor disclosure",
      "Stability": [
        "crash-safe"
      ],
      "SideEffects": [
        "artifacts-on-disk"
      ],
-      "Reliablity": [
+      "Reliability": [
        "repeatable-session"
-      ],
-      "NOCVE": "Patched in 2.00.8643"
+      ]
    }
  },
  "exploit_linux/upnp/dlink_upnp_msearch_exec": {
@ -57944,7 +57944,7 @@
      "Tavis Ormandy",
      "wvu <wvu@metasploit.com>"
    ],
-    "description": "This module exploits a -dSAFER bypass in Ghostscript to execute\n        arbitrary commands by handling a failed restore (grestore) in\n        PostScript to disable LockSafetyParams and avoid invalidaccess.\n\n        This vulnerability is reachable via libraries such as ImageMagick,\n        and this module provides the latest vector for Ghostscript.\n\n        For previous Ghostscript vectors, please see the following modules:\n          exploit/unix/fileformat/ghostscript_type_confusion\n          exploit/unix/fileformat/imagemagick_delegate",
+    "description": "This module exploits a -dSAFER bypass in Ghostscript to execute\n        arbitrary commands by handling a failed restore (grestore) in\n        PostScript to disable LockSafetyParams and avoid invalidaccess.\n\n        This vulnerability is reachable via libraries such as ImageMagick.",
    "references": [
      "CVE-2018-16509",
      "URL-https://seclists.org/oss-sec/2018/q3/142",
@ -57964,7 +57964,7 @@
      "PowerShell (In-Memory)",
      "Linux (Dropper)"
    ],
-    "mod_time": "2018-11-16 12:18:28 +0000",
+    "mod_time": "2019-04-24 11:34:42 +0000",
    "path": "/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb",
    "is_install_path": true,
    "ref_name": "multi/fileformat/ghostscript_failed_restore",
@ -57972,6 +57972,10 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "RelatedModules": [
+        "exploit/unix/fileformat/ghostscript_type_confusion",
+        "exploit/unix/fileformat/imagemagick_delegate"
+      ]
    }
  },
  "exploit_multi/fileformat/js_unpacker_eval_injection": {
@ -72039,7 +72043,7 @@
      "Atlassian Security Team",
      "hdm <x@hdm.io>"
    ],
-    "description": "This module exploits a type confusion vulnerability in Ghostscript that can\n        be exploited to obtain arbitrary command execution. This vulnerability affects\n        Ghostscript versions 9.21 and earlier and can be exploited through libraries\n        such as ImageMagick and Pillow.\n\n        For more recent Ghostscript vectors, please see the following modules:\n          exploit/multi/fileformat/ghostscript_failed_restore",
+    "description": "This module exploits a type confusion vulnerability in Ghostscript that can\n        be exploited to obtain arbitrary command execution. This vulnerability affects\n        Ghostscript versions 9.21 and earlier and can be exploited through libraries\n        such as ImageMagick and Pillow.",
    "references": [
      "CVE-2017-8291",
      "URL-https://bugs.ghostscript.com/show_bug.cgi?id=697808",
@ -72059,7 +72063,7 @@
    "targets": [
      "EPS file"
    ],
-    "mod_time": "2018-09-17 22:29:20 +0000",
+    "mod_time": "2019-04-24 11:34:42 +0000",
    "path": "/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb",
    "is_install_path": true,
    "ref_name": "unix/fileformat/ghostscript_type_confusion",
@ -72069,6 +72073,10 @@
    "notes": {
      "AKA": [
        "ghostbutt"
+      ],
+      "RelatedModules": [
+        "exploit/multi/fileformat/ghostscript_failed_restore",
+        "exploit/unix/fileformat/imagemagick_delegate"
      ]
    }
  },
@ -72085,7 +72093,7 @@
      "wvu <wvu@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "This module exploits a shell command injection in the way \"delegates\"\n        (commands for converting files) are processed in ImageMagick versions\n        <= 7.0.1-0 and <= 6.9.3-9 (legacy).\n\n        Since ImageMagick uses file magic to detect file format, you can create\n        a .png (for example) which is actually a crafted SVG (for example) that\n        triggers the command injection.\n\n        The PostScript (PS) target leverages a Ghostscript -dSAFER bypass\n        (discovered by taviso) to achieve RCE in the Ghostscript delegate.\n        Ghostscript versions 9.18 and later are affected. This target is\n        provided as is and will not be updated to track additional vulns.\n\n        For more recent Ghostscript vectors, please see the following modules:\n          exploit/multi/fileformat/ghostscript_failed_restore\n          exploit/unix/fileformat/ghostscript_type_confusion\n\n        If USE_POPEN is set to true, a |-prefixed command will be used for the\n        exploit. No delegates are involved in this exploitation.",
+    "description": "This module exploits a shell command injection in the way \"delegates\"\n        (commands for converting files) are processed in ImageMagick versions\n        <= 7.0.1-0 and <= 6.9.3-9 (legacy).\n\n        Since ImageMagick uses file magic to detect file format, you can create\n        a .png (for example) which is actually a crafted SVG (for example) that\n        triggers the command injection.\n\n        The PostScript (PS) target leverages a Ghostscript -dSAFER bypass\n        (discovered by taviso) to achieve RCE in the Ghostscript delegate.\n        Ghostscript versions 9.18 and later are affected. This target is\n        provided as is and will not be updated to track additional vulns.\n\n        If USE_POPEN is set to true, a |-prefixed command will be used for the\n        exploit. No delegates are involved in this exploitation.",
    "references": [
      "CVE-2016-3714",
      "CVE-2016-7976",
@ -72110,7 +72118,7 @@
      "MVG file",
      "PS file"
    ],
-    "mod_time": "2018-11-16 12:18:28 +0000",
+    "mod_time": "2019-04-24 11:34:42 +0000",
    "path": "/modules/exploits/unix/fileformat/imagemagick_delegate.rb",
    "is_install_path": true,
    "ref_name": "unix/fileformat/imagemagick_delegate",
@ -72120,6 +72128,10 @@
    "notes": {
      "AKA": [
        "ImageTragick"
+      ],
+      "RelatedModules": [
+        "exploit/unix/fileformat/ghostscript_type_confusion",
+        "exploit/multi/fileformat/ghostscript_failed_restore"
      ]
    }
  },
@ -74754,7 +74766,7 @@
      "PHP In-Memory",
      "Unix In-Memory"
    ],
-    "mod_time": "2019-04-11 12:15:06 +0000",
+    "mod_time": "2019-04-24 11:41:30 +0000",
    "path": "/modules/exploits/unix/webapp/drupal_restws_unserialize.rb",
    "is_install_path": true,
    "ref_name": "unix/webapp/drupal_restws_unserialize",
@ -74762,17 +74774,17 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "AKA": [
+        "SA-CORE-2019-003"
+      ],
      "Stability": [
        "crash-safe"
      ],
      "SideEffects": [
        "ioc-in-logs"
      ],
-      "Reliablity": [
+      "Reliability": [
        "unreliable-session"
-      ],
-      "AKA": [
-        "SA-CORE-2019-003"
      ]
    }
  },