fix URLs not resolving
fix URLs not resolving add csv export to references fix URLs not resolving pdf not pd missed a url change remove extra recirectedfrom fields remove extra file fix ovftool url accidental replacement
This commit is contained in:
parent
34ffea9f3c
commit
d5ba1afbec
|
@ -33,8 +33,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
|
||||
'PassiveActions' => [ 'WebServer' ],
|
||||
'References' => [
|
||||
[ 'URL', 'https://blog.rapid7.com/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041'],
|
||||
[ 'URL', 'http://1337day.com/exploit/description/22581' ],
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041/'],
|
||||
[ 'URL', 'https://web.archive.org/web/20150316151817/http://1337day.com/exploit/description/22581' ],
|
||||
[ 'OSVDB', '110664' ],
|
||||
[ 'CVE', '2014-6041' ]
|
||||
],
|
||||
|
|
|
@ -25,13 +25,13 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://blog.rapid7.com/2015/01/22/the-internet-of-gas-station-tank-gauges'],
|
||||
['URL', 'http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-gaspot-experiment'],
|
||||
['URL', 'https://www.rapid7.com/blog/post/2015/01/22/the-internet-of-gas-station-tank-gauges/'],
|
||||
['URL', 'https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-gaspot-experiment'],
|
||||
['URL', 'https://github.com/sjhilt/GasPot'],
|
||||
['URL', 'https://github.com/mushorg/conpot'],
|
||||
['URL', 'http://www.veeder.com/us/automatic-tank-gauge-atg-consoles'],
|
||||
['URL', 'http://www.chipkin.com/files/liz/576013-635.pdf'],
|
||||
['URL', 'http://www.veeder.com/gold/download.cfm?doc_id=6227']
|
||||
['URL', 'https://www.veeder.com/us/automatic-tank-gauge-atg-consoles'],
|
||||
['URL', 'https://cdn.chipkin.com/files/liz/576013-635.pdf'],
|
||||
['URL', 'https://docs.veeder.com/gold/download.cfm?doc_id=6227']
|
||||
],
|
||||
'DefaultAction' => 'INVENTORY',
|
||||
'Actions' =>
|
||||
|
|
|
@ -24,7 +24,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2005-2611'],
|
||||
['OSVDB', '18695'],
|
||||
['BID', '14551'],
|
||||
['URL', 'http://www.fpns.net/willy/msbksrc.lzh'],
|
||||
['URL', 'https://web.archive.org/web/20120227144337/http://www.fpns.net/willy/msbksrc.lzh'],
|
||||
],
|
||||
'Actions' =>
|
||||
[
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'OSVDB', '17627' ],
|
||||
[ 'CVE', '2005-0771' ],
|
||||
[ 'URL', 'http://www.idefense.com/application/poi/display?id=269&type=vulnerabilities'],
|
||||
[ 'URL', 'https://web.archive.org/web/20110801042138/http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=269'],
|
||||
],
|
||||
'Actions' =>
|
||||
[
|
||||
|
|
|
@ -40,7 +40,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2021-1675'],
|
||||
['CVE', '2021-34527'],
|
||||
['URL', 'https://github.com/cube0x0/CVE-2021-1675'],
|
||||
['URL', 'https://github.com/afwu/PrintNightmare'],
|
||||
['URL', 'https://web.archive.org/web/20210701042336/https://github.com/afwu/PrintNightmare'],
|
||||
['URL', 'https://github.com/calebstewart/CVE-2021-1675/blob/main/CVE-2021-1675.ps1'],
|
||||
['URL', 'https://github.com/byt3bl33d3r/ItWasAllADream']
|
||||
],
|
||||
|
|
|
@ -19,10 +19,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Brent Cook <brent_cook[at]rapid7.com>'
|
||||
],
|
||||
'References' => [
|
||||
['URL', 'http://www.tenable.com/plugins/index.php?view=single&id=35372'],
|
||||
['URL', 'https://www.tenable.com/plugins/nessus/35372'],
|
||||
['URL', 'https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/NONE-CVE/DNSInject'],
|
||||
['URL', 'https://www.christophertruncer.com/dns-modification-dnsinject-nessus-plugin-35372/'],
|
||||
['URL', 'https://github.com/ChrisTruncer/PenTestScripts/blob/master/DNSInject.py']
|
||||
['URL', 'https://github.com/ChrisTruncer/PenTestScripts/blob/master/HostScripts/DNSInject.py']
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' => [
|
||||
|
|
|
@ -17,8 +17,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
},
|
||||
'Author' => ['wvu'],
|
||||
'References' => [
|
||||
['URL', 'http://www.amazon.com/dp/B00CX5P8FC?_encoding=UTF8&showFS=1'],
|
||||
['URL', 'http://www.amazon.com/dp/B00GDQ0RMG/ref=fs_ftvs']
|
||||
['URL', 'https://www.amazon.com/dp/B00CX5P8FC?_encoding=UTF8&showFS=1'],
|
||||
['URL', 'https://www.amazon.com/dp/B00GDQ0RMG/ref=fs_ftvs']
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' => [
|
||||
|
|
|
@ -30,7 +30,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2011-0923' ],
|
||||
[ 'OSVDB', '72526' ],
|
||||
[ 'ZDI', '11-055' ],
|
||||
[ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux' ]
|
||||
[ 'URL', 'https://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux/' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -19,8 +19,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2017-12542' ],
|
||||
[ 'BID', '100467' ],
|
||||
[ 'URL', 'https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us' ],
|
||||
[ 'URL', 'https://www.synacktiv.com/posts/exploit/hp-ilo-talk-at-recon-brx-2018.html' ]
|
||||
[ 'URL', 'https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf03769en_us' ],
|
||||
[ 'URL', 'https://www.synacktiv.com/en/publications/hp-ilo-talk-at-recon-brx-2018.html' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'OSVDB', '98249' ],
|
||||
[ 'BID', '62902' ],
|
||||
[ 'ZDI', '13-240' ],
|
||||
[ 'URL', 'https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03943547' ]
|
||||
[ 'URL', 'https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c03943547' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -25,9 +25,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'References' => [
|
||||
['CVE', '2014-9222'],
|
||||
['URL', 'http://mis.fortunecook.ie'],
|
||||
['URL', 'http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf'], # list of likely vulnerable devices
|
||||
['URL', 'http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf'] # 31C3 presentation with POC
|
||||
['URL', 'https://web.archive.org/web/20191006135858/http://mis.fortunecook.ie/'],
|
||||
['URL', 'https://web.archive.org/web/20190207102911/http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf'], # list of likely vulnerable devices
|
||||
['URL', 'https://web.archive.org/web/20190623150837/http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf'] # 31C3 presentation with POC
|
||||
],
|
||||
'DisclosureDate' => '2014-12-17',
|
||||
'License' => MSF_LICENSE
|
||||
|
|
|
@ -44,7 +44,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2015-0964' ], # XSS vulnerability
|
||||
[ 'CVE', '2015-0965' ], # CSRF vulnerability
|
||||
[ 'CVE', '2015-0966' ], # "techician/yZgO8Bvj" web interface backdoor
|
||||
[ 'URL', 'https://blog.rapid7.com/2015/06/05/r7-2015-01-csrf-backdoor-and-persistent-xss-on-arris-motorola-cable-modems' ],
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2015/06/05/r7-2015-01-csrf-backdoor-and-persistent-xss-on-arris-motorola-cable-modems/' ],
|
||||
]
|
||||
))
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ metadata = {
|
|||
'date': '2020-06-02',
|
||||
'license': 'GPL_LICENSE',
|
||||
'references': [
|
||||
{'type': 'url', 'ref': 'https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/'},
|
||||
{'type': 'url', 'ref': 'https://web.archive.org/web/20200921054955/https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/'},
|
||||
{'type': 'cve', 'ref': '2020-16137'}
|
||||
],
|
||||
'type': 'single_scanner',
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2017-5259'],
|
||||
['URL', 'https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities']
|
||||
['URL', 'https://www.rapid7.com/blog/post/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/']
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
|
|
@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2017-5261'],
|
||||
['URL', 'https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities']
|
||||
['URL', 'https://www.rapid7.com/blog/post/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/']
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'OSVDB', '89861' ],
|
||||
[ 'EDB', '24453' ],
|
||||
[ 'URL', 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router' ],
|
||||
[ 'URL', 'https://eu.dlink.com/uk/en/products/dir-600-wireless-n-150-home-router' ],
|
||||
[ 'URL', 'http://www.s3cur1ty.de/home-network-horror-days' ],
|
||||
[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-003' ]
|
||||
],
|
||||
|
|
|
@ -25,7 +25,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CWE', '915'],
|
||||
['OSVDB', '94655'],
|
||||
['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=966804'],
|
||||
['URL', 'http://projects.theforeman.org/issues/2630']
|
||||
['URL', 'https://projects.theforeman.org/issues/2630']
|
||||
],
|
||||
'DisclosureDate' => 'Jun 6 2013'
|
||||
)
|
||||
|
|
|
@ -19,7 +19,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2010-2731' ],
|
||||
[ 'OSVDB', '66160' ],
|
||||
[ 'MSB', 'MS10-065' ],
|
||||
[ 'URL', 'http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/' ]
|
||||
[ 'URL', 'https://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2010-0738' ], # using a VERB other than GET/POST
|
||||
[ 'OSVDB', '64171' ],
|
||||
[ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],
|
||||
[ 'URL', 'https://www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now' ],
|
||||
[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ]
|
||||
],
|
||||
'Actions' =>
|
||||
|
|
|
@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2010-0738' ], # using a VERB other than GET/POST
|
||||
[ 'OSVDB', '64171' ],
|
||||
[ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],
|
||||
[ 'URL', 'https://www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now' ],
|
||||
[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ]
|
||||
],
|
||||
'Actions' =>
|
||||
|
|
|
@ -26,8 +26,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151022-0_Lime_Survey_multiple_critical_vulnerabilities_v10.txt'],
|
||||
['URL', 'https://www.limesurvey.org/en/blog/76-limesurvey-news/security-advisories/1836-limesurvey-security-advisory-10-2015'],
|
||||
['URL', 'https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-lime-survey/'],
|
||||
['URL', 'https://www.limesurvey.org/blog/22-security/136-limesurvey-security-advisory-10-2015'],
|
||||
['URL', 'https://github.com/LimeSurvey/LimeSurvey/compare/2.06_plus_151014...2.06_plus_151016?w=1']
|
||||
],
|
||||
'DisclosureDate' => '2015-10-12'))
|
||||
|
|
|
@ -25,7 +25,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'EDB', '31758' ],
|
||||
[ 'OSVDB', '103521' ],
|
||||
[ 'URL', 'http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/' ] # a huge amount of details about this vulnerability and the original exploit
|
||||
[ 'URL', 'https://web.archive.org/web/20210424073058/http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/' ] # a huge amount of details about this vulnerability and the original exploit
|
||||
],
|
||||
'DisclosureDate' => '2014-02-19'))
|
||||
end
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2013-0136' ],
|
||||
[ 'US-CERT-VU', '701572' ],
|
||||
[ 'URL', 'https://blog.rapid7.com/2013/05/15/new-1day-exploits-mutiny-vulnerabilities' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2013/05/15/new-1day-exploits-mutiny-vulnerabilities/' ]
|
||||
],
|
||||
'Actions' =>
|
||||
[
|
||||
|
|
|
@ -30,7 +30,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'BID', '72640' ],
|
||||
[ 'OSVDB', '118316' ],
|
||||
[ 'URL', 'https://github.com/darkarnium/secpub/tree/master/NetGear/SOAPWNDR' ]
|
||||
[ 'URL', 'https://github.com/darkarnium/secpub/tree/master/Vulnerabilities/NetGear/SOAPWNDR' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -33,7 +33,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2016-10176'],
|
||||
['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2016/Dec/72'],
|
||||
['URL', 'http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability']
|
||||
['URL', 'https://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability']
|
||||
],
|
||||
'DisclosureDate' => '2016-12-20'))
|
||||
register_options(
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', 'https://blog.rapid7.com/2013/08/16/r7-vuln-2013-07-24' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2013/08/16/r7-vuln-2013-07-24/' ]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'SSL' => true
|
||||
|
|
|
@ -29,7 +29,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2013-3617'],
|
||||
['OSVDB', '99141'],
|
||||
['BID', '63431'],
|
||||
['URL', 'https://blog.rapid7.com/2013/10/30/seven-tricks-and-treats']
|
||||
['URL', 'https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats']
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'DisclosureDate' => '2013-10-30'
|
||||
|
|
|
@ -29,8 +29,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'OSVDB', '91953' ],
|
||||
[ 'BID', '58833' ],
|
||||
[ 'EDB', '24932' ],
|
||||
[ 'URL', 'http://www.sophos.com/en-us/support/knowledgebase/118969.aspx' ],
|
||||
[ 'URL', 'https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt' ]
|
||||
[ 'URL', 'https://web.archive.org/web/20130603041204/http://www.sophos.com/en-us/support/knowledgebase/118969.aspx' ],
|
||||
[ 'URL', 'https://web.archive.org/web/20140701204340/https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt' ]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'SSL' => true
|
||||
|
|
|
@ -32,7 +32,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['URL', 'http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx'],
|
||||
['URL', 'https://labs.mwrinfosecurity.com/blog/2014/12/16/digging-into-ms14-068-exploitation-and-defence/'],
|
||||
['URL', 'https://github.com/bidord/pykek'],
|
||||
['URL', 'https://blog.rapid7.com/2014/12/25/12-days-of-haxmas-ms14-068-now-in-metasploit']
|
||||
['URL', 'https://www.rapid7.com/blog/post/2014/12/25/12-days-of-haxmas-ms14-068-now-in-metasploit']
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'DisclosureDate' => '2014-11-18'
|
||||
|
|
|
@ -24,7 +24,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'antti <antti.rantasaari[at]netspi.com>'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [[ 'URL','http://msdn.microsoft.com/en-us/library/ms174427.aspx']]
|
||||
'References' => [[ 'URL','https://docs.microsoft.com/en-us/sql/t-sql/functions/suser-sname-transact-sql']]
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
|
@ -25,7 +25,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'antti <antti.rantasaari[at]netspi.com>'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [[ 'URL','http://msdn.microsoft.com/en-us/library/ms174427.aspx']]
|
||||
'References' => [[ 'URL','https://docs.microsoft.com/en-us/sql/t-sql/functions/suser-sname-transact-sql']]
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
},
|
||||
'Author' => ['nullbind <scott.sutherland[at]netspi.com>'],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [['URL','http://msdn.microsoft.com/en-us/library/ms174427.aspx']]
|
||||
'References' => [['URL','https://docs.microsoft.com/en-us/sql/t-sql/functions/suser-sname-transact-sql']]
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
|
@ -28,7 +28,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
},
|
||||
'Author' => [ 'nullbind <scott.sutherland[at]netspi.com>' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]]
|
||||
'References' => [[ 'URL', 'https://en.wikipedia.org/wiki/SMBRelay' ]]
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
|
@ -30,7 +30,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Antti <antti.rantasaari[at]netspi.com>'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]]
|
||||
'References' => [[ 'URL', 'https://en.wikipedia.org/wiki/SMBRelay' ]]
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
|
@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2014-5208' ],
|
||||
[ 'URL', 'https://blog.rapid7.com/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access']
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access']
|
||||
],
|
||||
'Actions' =>
|
||||
[
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['OSVDB', '30172'],
|
||||
['BID', '20858'],
|
||||
['CVE', '2006-5702'],
|
||||
['URL', 'http://secunia.com/advisories/22678/'],
|
||||
['URL', 'https://web.archive.org/web/20080211225557/http://secunia.com/advisories/22678/'],
|
||||
],
|
||||
'DisclosureDate' => '2006-11-01',
|
||||
'Actions' =>
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
['BID', '17978'],
|
||||
['OSVDB', '25479'],
|
||||
['URL', 'http://secunia.com/advisories/20107/'],
|
||||
['URL', 'https://web.archive.org/web/20080102163013/http://secunia.com/advisories/20107/'],
|
||||
['CVE', '2006-2369'],
|
||||
],
|
||||
'DisclosureDate' => '2006-05-15'))
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['OSVDB', '66842'],
|
||||
['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
|
||||
['URL', 'https://www.rapid7.com/blog/post/2010/08/02/new-vxworks-vulnerabilities/'],
|
||||
['US-CERT-VU', '362332']
|
||||
]
|
||||
))
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['OSVDB', '66842'],
|
||||
['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
|
||||
['URL', 'https://www.rapid7.com/blog/post/2010/08/02/new-vxworks-vulnerabilities/'],
|
||||
['US-CERT-VU', '362332']
|
||||
]
|
||||
))
|
||||
|
|
|
@ -17,7 +17,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['OSVDB', '66842'],
|
||||
['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
|
||||
['URL', 'https://www.rapid7.com/blog/post/2010/08/02/new-vxworks-vulnerabilities/'],
|
||||
['US-CERT-VU', '362332']
|
||||
],
|
||||
'Actions' =>
|
||||
|
|
|
@ -19,7 +19,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['OSVDB', '66842'],
|
||||
['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
|
||||
['URL', 'https://www.rapid7.com/blog/post/2010/08/02/new-vxworks-vulnerabilities/'],
|
||||
['US-CERT-VU', '362332']
|
||||
],
|
||||
'Actions' =>
|
||||
|
|
|
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['BID', '18744'],
|
||||
['CVE', '2006-3392'],
|
||||
['US-CERT-VU', '999601'],
|
||||
['URL', 'http://secunia.com/advisories/20892/'],
|
||||
['URL', 'https://web.archive.org/web/20060722192501/http://secunia.com/advisories/20892/'],
|
||||
],
|
||||
'DisclosureDate' => '2006-06-30',
|
||||
'Actions' =>
|
||||
|
|
|
@ -27,8 +27,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2014-0050'],
|
||||
['URL', 'http://tomcat.apache.org/security-8.html'],
|
||||
['URL', 'http://tomcat.apache.org/security-7.html']
|
||||
['URL', 'https://tomcat.apache.org/security-8.html'],
|
||||
['URL', 'https://tomcat.apache.org/security-7.html']
|
||||
],
|
||||
'DisclosureDate' => '2014-02-06'
|
||||
))
|
||||
|
|
|
@ -43,8 +43,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2010-0425' ],
|
||||
[ 'OSVDB', '62674'],
|
||||
[ 'BID', '38494' ],
|
||||
[ 'URL', 'https://issues.apache.org/bugzilla/show_bug.cgi?id=48509' ],
|
||||
[ 'URL', 'http://www.gossamer-threads.com/lists/apache/cvs/381537' ],
|
||||
[ 'URL', 'https://bz.apache.org/bugzilla/show_bug.cgi?id=48509' ],
|
||||
[ 'URL', 'https://web.archive.org/web/20100715032229/http://www.gossamer-threads.com/lists/apache/cvs/381537' ],
|
||||
[ 'URL', 'http://www.senseofsecurity.com.au/advisories/SOS-10-002' ],
|
||||
[ 'EDB', '11650' ]
|
||||
],
|
||||
|
|
|
@ -24,7 +24,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'References' => [
|
||||
[ 'CVE', '2017-16249' ],
|
||||
[ 'URL', 'https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211']
|
||||
[ 'URL', 'https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18730']
|
||||
],
|
||||
'DisclosureDate' => '2017-11-02'))
|
||||
end
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'References' => [
|
||||
[ 'CVE', '2013-4615' ],
|
||||
[ 'URL', 'http://www.mattandreko.com/2013/06/canon-y-u-no-security.html']
|
||||
[ 'URL', 'https://www.mattandreko.com/2013/06/canon-y-u-no-security.html']
|
||||
],
|
||||
'DisclosureDate' => '2013-06-18'))
|
||||
end
|
||||
|
|
|
@ -33,11 +33,11 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://www.ocert.org/advisories/ocert-2011-003.html'],
|
||||
['URL', 'http://www.nruns.com/_downloads/advisory28122011.pdf'],
|
||||
['URL', 'http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html'],
|
||||
['URL', 'http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf'],
|
||||
['URL', 'http://www.youtube.com/watch?v=R2Cq3CLI6H8'],
|
||||
['URL', 'http://ocert.org/advisories/ocert-2011-003.html'],
|
||||
['URL', 'https://web.archive.org/web/20120105151644/http://www.nruns.com/_downloads/advisory28122011.pdf'],
|
||||
['URL', 'https://fahrplan.events.ccc.de/congress/2011/Fahrplan/events/4680.en.html'],
|
||||
['URL', 'https://fahrplan.events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf'],
|
||||
['URL', 'https://www.youtube.com/watch?v=R2Cq3CLI6H8'],
|
||||
['CVE', '2011-5034'],
|
||||
['CVE', '2011-5035'],
|
||||
['CVE', '2011-4885'],
|
||||
|
|
|
@ -30,7 +30,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
['CVE', '2015-1635'],
|
||||
['MSB', 'MS15-034'],
|
||||
['URL', 'http://pastebin.com/ypURDPc4'],
|
||||
['URL', 'https://pastebin.com/ypURDPc4'],
|
||||
['URL', 'https://github.com/rapid7/metasploit-framework/pull/5150'],
|
||||
['URL', 'https://community.qualys.com/blogs/securitylabs/2015/04/20/ms15-034-analyze-and-remote-detection'],
|
||||
['URL', 'http://www.securitysift.com/an-analysis-of-ms15-034/']
|
||||
|
|
|
@ -28,7 +28,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2013-4450' ],
|
||||
[ 'OSVDB', '98724' ],
|
||||
[ 'BID' , '63229' ],
|
||||
[ 'URL', 'http://blog.nodejs.org/2013/10/22/cve-2013-4450-http-server-pipeline-flood-dos' ]
|
||||
[ 'URL', 'https://nodejs.org/ja/blog/vulnerability/http-server-pipeline-flood-dos/' ]
|
||||
],
|
||||
'DisclosureDate' => '2013-10-18'))
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
[ 'CVE', '2012-4956' ],
|
||||
[ 'URL', 'https://blog.rapid7.com/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959/' ]
|
||||
],
|
||||
'DisclosureDate' => '2012-11-16'))
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['EDB', '44842'],
|
||||
['CVE', '2018-11646'],
|
||||
['URL', 'https://bugs.webkit.org/show_bug.cgi?id=186164'],
|
||||
['URL', 'https://datarift.blogspot.com/2018/06/cve-2018-11646-webkit.html']
|
||||
['URL', 'https://www.inputzero.io/2018/06/cve-2018-11646-webkit.html']
|
||||
],
|
||||
'DisclosureDate' => '2018-06-03',
|
||||
'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
|
||||
|
|
|
@ -25,7 +25,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2014-9016'],
|
||||
['URL', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034'],
|
||||
['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2014-9034'],
|
||||
['OSVDB', '114857'],
|
||||
['WPVDB', '7681']
|
||||
],
|
||||
|
|
|
@ -24,9 +24,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2014-5266'],
|
||||
['URL', 'http://wordpress.org/news/2014/08/wordpress-3-9-2/'],
|
||||
['URL', 'https://wordpress.org/news/2014/08/wordpress-3-9-2/'],
|
||||
['URL', 'http://www.breaksec.com/?p=6362'],
|
||||
['URL', 'http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/'],
|
||||
['URL', 'https://mashable.com/archive/wordpress-xml-blowup-dos'],
|
||||
['URL', 'https://core.trac.wordpress.org/changeset/29404'],
|
||||
['WPVDB', '7526']
|
||||
],
|
||||
|
|
|
@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
},
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', 'https://code.google.com/p/memcached/issues/detail?id=192' ],
|
||||
[ 'URL', 'https://code.google.com/archive/p/memcached/issues/192' ],
|
||||
[ 'CVE', '2011-4971' ],
|
||||
[ 'OSVDB', '92867' ]
|
||||
],
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'BID', '37255' ],
|
||||
[ 'CVE', '2009-3563' ],
|
||||
[ 'OSVDB', '60847' ],
|
||||
[ 'URL', 'https://support.ntp.org/bugs/show_bug.cgi?id=1331' ]
|
||||
[ 'URL', 'https://bugs.ntp.org/show_bug.cgi?id=1331' ]
|
||||
],
|
||||
'DisclosureDate' => '2009-10-04'))
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' => [
|
||||
[ 'OSVDB', '74780' ],
|
||||
[ 'URL', 'http://dsecrg.com/pages/vul/show.php?id=331' ],
|
||||
[ 'URL', 'https://service.sap.com/sap/support/notes/1554030' ]
|
||||
[ 'URL', 'https://launchpad.support.sap.com/#/notes/1554030' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -29,8 +29,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2017-7924' ],
|
||||
[ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03' ],
|
||||
[ 'URL', 'http://dl.acm.org/citation.cfm?doid=3174776.3174780']
|
||||
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-17-138-03' ],
|
||||
[ 'URL', 'https://dl.acm.org/doi/10.1145/3174776.3174780']
|
||||
])
|
||||
register_options([Opt::RPORT(44818),])
|
||||
end
|
||||
|
|
|
@ -24,7 +24,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2011-4050' ],
|
||||
[ 'OSVDB', '77976' ],
|
||||
[ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICSA-11-335-01.pdf' ]
|
||||
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-11-335-01' ]
|
||||
],
|
||||
'DisclosureDate' => '2011-12-20'
|
||||
))
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE' '2015-5374' ],
|
||||
[ 'EDB', '44103' ],
|
||||
[ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01' ]
|
||||
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-15-202-01' ]
|
||||
])
|
||||
register_options([Opt::RPORT(50000),])
|
||||
end
|
||||
|
|
|
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'URL', 'http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf' ],
|
||||
[ 'URL', 'https://blog.rapid7.com/2014/03/10/yokogawa-centum-cs3000-vulnerabilities' ],
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2014/03/10/yokogawa-centum-cs3000-vulnerabilities/' ],
|
||||
[ 'CVE', '2014-0781']
|
||||
],
|
||||
'DisclosureDate' => '2014-03-10',
|
||||
|
|
|
@ -32,7 +32,8 @@ metadata = {
|
|||
],
|
||||
date: '2017-06-29',
|
||||
references: [
|
||||
{ type: 'url', ref: 'http://smbloris.com/' }
|
||||
{ type: 'url', ref: 'https://web.archive.org/web/20170804072329/https://smbloris.com/' },
|
||||
{ type: 'aka', ref: 'SMBLoris'}
|
||||
],
|
||||
type: 'dos',
|
||||
options: {
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2011-3200'],
|
||||
[ 'URL', 'http://www.rsyslog.com/potential-dos-with-malformed-tag/' ],
|
||||
[ 'URL', 'https://www.rsyslog.com/potential-dos-with-malformed-tag/' ],
|
||||
[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=727644' ],
|
||||
],
|
||||
'DisclosureDate' => 'Sep 01 2011')
|
||||
|
|
|
@ -25,7 +25,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2013-0229' ],
|
||||
[ 'OSVDB', '89625' ],
|
||||
[ 'BID', '57607' ],
|
||||
[ 'URL', 'https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play/' ],
|
||||
[ 'URL', 'https://www.hdm.io/writing/SecurityFlawsUPnP.pdf' ]
|
||||
],
|
||||
'DisclosureDate' => '2013-03-27',
|
||||
))
|
||||
|
|
|
@ -31,7 +31,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'BID', '45542' ],
|
||||
[ 'MSB', 'MS11-004' ],
|
||||
[ 'EDB', '15803' ],
|
||||
[ 'URL', 'http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx' ]
|
||||
[ 'URL', 'https://msrc-blog.microsoft.com/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability/' ]
|
||||
],
|
||||
'DisclosureDate' => '2010-12-21'))
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'URL', 'http://pastie.org/private/feg8du0e9kfagng4rrg' ],
|
||||
[ 'URL', 'http://stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html' ],
|
||||
[ 'EDB', '18606' ],
|
||||
[ 'URL', 'https://blog.rapid7.com/2012/03/21/metasploit-update' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2012/03/21/metasploit-update/' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -25,7 +25,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['BID', '36299'],
|
||||
['OSVDB', '57799'],
|
||||
['MSB', 'MS09-050'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2009/Sep/0039.html']
|
||||
['URL', 'https://seclists.org/fulldisclosure/2009/Sep/39']
|
||||
]
|
||||
))
|
||||
register_options([
|
||||
|
|
|
@ -19,7 +19,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'OSVDB', '92081'],
|
||||
[ 'URL', 'http://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html']
|
||||
[ 'URL', 'https://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html']
|
||||
],
|
||||
'DisclosureDate' => '2013-03-17'))
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2011-1140'],
|
||||
[ 'OSVDB', '71552'],
|
||||
[ 'URL', 'http://www.wireshark.org/security/wnpa-sec-2011-04.html' ],
|
||||
[ 'URL', 'https://www.wireshark.org/security/wnpa-sec-2011-04.html' ],
|
||||
[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717' ],
|
||||
],
|
||||
'DisclosureDate' => '2011-03-01'))
|
||||
|
|
|
@ -25,7 +25,7 @@ metadata = {
|
|||
'date': '2018-03-22',
|
||||
'license': 'MSF_LICENSE',
|
||||
'references': [
|
||||
{'type': 'url', 'ref': 'https://blog.rapid7.com/2017/12/28/regifting-python-in-metasploit/'},
|
||||
{'type': 'url', 'ref': 'https://www.rapid7.com/blog/post/2017/12/28/regifting-python-in-metasploit/'},
|
||||
{'type': 'aka', 'ref': 'Coldstone'}
|
||||
],
|
||||
'type': 'single_scanner',
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
# patch for file redirection, 2014
|
||||
['URL', 'https://android.googlesource.com/platform/packages/apps/Browser/+/d2391b492dec778452238bc6d9d549d56d41c107%5E%21/#F0'],
|
||||
['URL', 'https://code.google.com/p/chromium/issues/detail?id=90222'] # the UXSS
|
||||
['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=90222'] # the UXSS
|
||||
],
|
||||
'DefaultAction' => 'WebServer'
|
||||
))
|
||||
|
|
|
@ -35,7 +35,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' => [
|
||||
[ 'URL', 'http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html'],
|
||||
[ 'URL', 'https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef' ],
|
||||
[ 'URL', 'http://trac.webkit.org/changeset/96826' ]
|
||||
[ 'URL', 'http://trac.webkit.org/changeset/96826/webkit' ]
|
||||
],
|
||||
'DefaultAction' => 'WebServer',
|
||||
'DisclosureDate' => '2014-10-04'
|
||||
|
|
|
@ -28,7 +28,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Author' => 'joev',
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format']
|
||||
['URL', 'https://www.rapid7.com/blog/post/2013/04/25/abusing-safaris-webarchive-file-format/']
|
||||
],
|
||||
'DisclosureDate' => '2013-02-22',
|
||||
'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' => [
|
||||
[ 'CVE', '2018-6849' ],
|
||||
[ 'URL', 'http://net.ipcalf.com/' ],
|
||||
[ 'URL', 'https://datarift.blogspot.in/p/private-ip-leakage-using-webrtc.html' ]
|
||||
[ 'URL', 'https://www.inputzero.io/p/private-ip-leakage-using-webrtc.html' ]
|
||||
],
|
||||
'DisclosureDate' => '2013-09-05',
|
||||
'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
|
||||
|
|
|
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
# aushack - None? Stumbled across, probably an old bug/feature but unsure.
|
||||
[ 'URL', 'http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure' ],
|
||||
[ 'URL', 'https://web.archive.org/web/20120508142715/http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure' ],
|
||||
[ 'URL', 'https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360' ]
|
||||
]
|
||||
))
|
||||
|
|
|
@ -32,7 +32,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2019-1653'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2019/Jan/52'],
|
||||
['URL', 'https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801'],
|
||||
['URL', 'http://www.cisco.com/en/US/products/csa/cisco-sa-20110330-acs.html']
|
||||
['URL', 'https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110330-acs.html']
|
||||
],
|
||||
'DisclosureDate' => '2019-01-24',
|
||||
'DefaultOptions' =>
|
||||
|
|
|
@ -22,7 +22,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', 'https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/PEST-CONTROL.pdf' ],
|
||||
[ 'URL', 'https://www.nccgroup.com/globalassets/our-research/us/whitepapers/PEST-CONTROL.pdf' ],
|
||||
[ 'URL', 'http://samvartaka.github.io/exploitation/2016/06/03/dead-rats-exploiting-malware' ]
|
||||
],
|
||||
'DisclosureDate' => '2012-10-08',
|
||||
|
|
|
@ -30,8 +30,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'OSVDB', '86429' ],
|
||||
[ 'BID', '56103' ],
|
||||
[ 'URL', 'https://drupal.org/node/1815912' ],
|
||||
[ 'URL', 'http://drupalcode.org/project/drupal.git/commit/b912710' ],
|
||||
[ 'URL', 'http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution' ]
|
||||
[ 'URL', 'https://github.com/drupal/drupal/commit/b9127101ffeca819e74a03fa9f5a48d026c562e5' ],
|
||||
[ 'URL', 'https://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution' ]
|
||||
],
|
||||
'DisclosureDate' => '2012-10-17'
|
||||
))
|
||||
|
|
|
@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['OSVDB', '83199'],
|
||||
['URL', 'http://secunia.com/advisories/49103/']
|
||||
['URL', 'https://web.archive.org/web/20121014000855/http://secunia.com/advisories/49103/']
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -35,7 +35,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2021-26855'],
|
||||
['LOGO', 'https://proxylogon.com/images/logo.jpg'],
|
||||
['URL', 'https://proxylogon.com/'],
|
||||
['URL', 'https://aka.ms/exchangevulns'],
|
||||
['URL', 'https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/'],
|
||||
['URL', 'https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/distinguishedfolderid'],
|
||||
['URL', 'https://github.com/3gstudent/Homework-of-Python/blob/master/ewsManage.py']
|
||||
],
|
||||
|
|
|
@ -31,7 +31,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2014-4671'],
|
||||
['URL', 'http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/'],
|
||||
['URL', 'https://github.com/mikispag/rosettaflash'],
|
||||
['URL', 'http://quaxio.com/jsonp_handcrafted_flash_files/']
|
||||
['URL', 'https://www.quaxio.com/jsonp_handcrafted_flash_files/']
|
||||
],
|
||||
'DisclosureDate' => '2014-07-08',
|
||||
'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
|
||||
|
|
|
@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Author' => 'Chris John Riley',
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://www.slideshare.net/ChrisJohnRiley/ssl-certificate-impersonation-for-shits-andgiggles']
|
||||
['URL', 'https://www.slideshare.net/ChrisJohnRiley/ssl-certificate-impersonation-for-shits-andgiggles']
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Description' => %q{
|
||||
|
|
|
@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://docs.oracle.com/javase/8/docs/platform/rmi/spec/rmiTOC.html']
|
||||
['URL', 'https://docs.oracle.com/javase/8/docs/platform/rmi/spec/rmiTOC.html']
|
||||
]
|
||||
)
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'EDB', '38664' ],
|
||||
[ 'URL', 'http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html' ]
|
||||
[ 'URL', 'https://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html' ]
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
|
|
|
@ -17,7 +17,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2015-7297'],
|
||||
['URL', 'https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/']
|
||||
['URL', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/joomla-sql-injection-vulnerability-exploit-results-in-full-administrative-access/']
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['EDB', '31459'],
|
||||
['URL', 'http://developer.joomla.org/security/578-20140301-core-sql-injection.html']
|
||||
['URL', 'https://developer.joomla.org/security/578-20140301-core-sql-injection.html']
|
||||
],
|
||||
'DisclosureDate' => '2014-03-02'
|
||||
))
|
||||
|
|
|
@ -24,7 +24,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['CVE', '2014-2238'],
|
||||
['URL', 'http://www.mantisbt.org/bugs/view.php?id=17055']
|
||||
['URL', 'https://www.mantisbt.org/bugs/view.php?id=17055']
|
||||
],
|
||||
'Platform' => ['win', 'linux'],
|
||||
'Privileged' => false,
|
||||
|
|
|
@ -19,7 +19,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['Brandon Perry <bperry.volatile[at]gmail.com>'],
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://nosql.mypopescu.com/post/14453905385/attacking-nosql-and-node-js-server-side-javascript']
|
||||
['URL', 'https://nosql.mypopescu.com/post/14453905385/attacking-nosql-and-nodejs-server-side#_=_']
|
||||
],
|
||||
'Platform' => ['linux', 'win'],
|
||||
'Privileged' => false,
|
||||
|
|
|
@ -28,7 +28,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[ 'CVE', '2013-7331'],
|
||||
[ 'MSB', 'MS14-052' ],
|
||||
[ 'URL', 'https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/' ],
|
||||
[ 'URL', 'https://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi' ]
|
||||
[ 'URL', 'https://cybersecurity.att.com/blogs/labs-research/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi' ]
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'DisclosureDate' => '2014-09-09', # MSB. Used in the wild since Feb 2014
|
||||
|
|
|
@ -26,10 +26,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2017-5521' ],
|
||||
[ 'URL', 'https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-003/?fid=8911' ],
|
||||
[ 'URL', 'http://thehackernews.com/2017/01/Netgear-router-password-hacking.html'],
|
||||
[ 'URL', 'https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassing-Authentication-on-NETGEAR-Routers/'],
|
||||
[ 'URL', 'http://pastebin.com/dB4bTgxz'],
|
||||
[ 'URL', 'https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18758' ],
|
||||
[ 'URL', 'https://thehackernews.com/2017/01/Netgear-router-password-hacking.html'],
|
||||
[ 'URL', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/'],
|
||||
[ 'URL', 'https://pastebin.com/dB4bTgxz'],
|
||||
[ 'EDB', '41205']
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
|
|
|
@ -24,9 +24,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'wvu' # Metasploit module
|
||||
],
|
||||
'References' => [
|
||||
['URL', 'https://tools.ietf.org/html/rfc1831'],
|
||||
['URL', 'https://tools.ietf.org/html/rfc4506'],
|
||||
['URL', 'http://pentestmonkey.net/blog/nis-domain-name']
|
||||
['URL', 'https://datatracker.ietf.org/doc/html/rfc1831'],
|
||||
['URL', 'https://datatracker.ietf.org/doc/html/rfc4506'],
|
||||
['URL', 'https://pentestmonkey.net/blog/nis-domain-name']
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
|
|
|
@ -29,8 +29,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
},
|
||||
'Author' => 'wvu',
|
||||
'References' => [
|
||||
['URL', 'https://tools.ietf.org/html/rfc1831'],
|
||||
['URL', 'https://tools.ietf.org/html/rfc4506']
|
||||
['URL', 'https://datatracker.ietf.org/doc/html/rfc1831'],
|
||||
['URL', 'https://datatracker.ietf.org/doc/html/rfc4506']
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
|
|
|
@ -32,7 +32,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2018-17888' ],
|
||||
[ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02' ],
|
||||
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-18-284-02' ],
|
||||
[ 'URL', 'https://seclists.org/fulldisclosure/2019/Jan/51' ],
|
||||
[ 'URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-cms-ownage.txt' ]
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2018-17934' ],
|
||||
[ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02' ],
|
||||
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-18-284-02' ],
|
||||
[ 'URL', 'https://seclists.org/fulldisclosure/2019/Jan/51' ],
|
||||
[ 'URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-cms-ownage.txt' ]
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
['CVE', '2019-2557'],
|
||||
['URL', 'https://srcincite.io/advisories/src-2019-0033/'],
|
||||
['URL', 'https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html']
|
||||
['URL', 'https://www.oracle.com/security-alerts/cpuapr2019.html']
|
||||
],
|
||||
'DisclosureDate' => '2019-04-16'
|
||||
))
|
||||
|
|
|
@ -34,7 +34,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
['CVE', '2019-7194'],
|
||||
['CVE', '2019-7195'],
|
||||
['EDB', '48531'],
|
||||
['URL', 'https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05'],
|
||||
['URL', 'https://infosecwriteups.com/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05'],
|
||||
['URL', 'https://www.qnap.com/en-us/security-advisory/nas-201911-25'],
|
||||
['URL', 'https://github.com/Imanfeng/QNAP-NAS-RCE']
|
||||
],
|
||||
|
|
|
@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'MSDN', 'http://technet.microsoft.com/en-us/library/cc749415(v=ws.10).aspx'],
|
||||
[ 'URL', 'http://rewtdance.blogspot.co.uk/2012/11/windows-deployment-services-clear-text.html'],
|
||||
[ 'URL', 'http://rewtdance.blogspot.com/2012/11/windows-deployment-services-clear-text.html'],
|
||||
],
|
||||
))
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['WPVDB', '7857'],
|
||||
['URL', 'http://www.pritect.net/blog/all-in-one-wp-migration-2-0-4-security-vulnerability']
|
||||
['URL', 'https://www.pritect.net/blog/all-in-one-wp-migration-2-0-4-security-vulnerability']
|
||||
],
|
||||
'DisclosureDate' => '2015-03-19'
|
||||
))
|
||||
|
|
|
@ -23,9 +23,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://forum.xbmc.org/showthread.php?tid=144110&pid=1227348'],
|
||||
['URL', 'https://forum.kodi.tv/showthread.php?tid=144110&pid=1227348'],
|
||||
['URL', 'https://github.com/xbmc/xbmc/commit/bdff099c024521941cb0956fe01d99ab52a65335'],
|
||||
['URL', 'http://www.ioactive.com/pdfs/Security_Advisory_XBMC.pdf'],
|
||||
['URL', 'https://ioactive.com/pdfs/Security_Advisory_XBMC.pdf'],
|
||||
],
|
||||
'DisclosureDate' => '2012-11-04'
|
||||
))
|
||||
|
|
|
@ -32,7 +32,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Grant Willcox' # Additional fixes to refine searches, improve quality of info saved and improve error handling.
|
||||
],
|
||||
'References' => [
|
||||
['URL', 'https://github.com/zoomeye/SDK'],
|
||||
['URL', 'https://github.com/knownsec/ZoomEye-python'],
|
||||
['URL', 'https://www.zoomeye.org/api/doc'],
|
||||
['URL', 'https://www.zoomeye.org/help/manual']
|
||||
],
|
||||
|
|
|
@ -21,9 +21,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://technet.microsoft.com/en-us/library/ff715801'],
|
||||
['URL', 'http://technet.microsoft.com/en-us/library/cc749415(v=ws.10).aspx'],
|
||||
['URL', 'http://technet.microsoft.com/en-us/library/c026170e-40ef-4191-98dd-0b9835bfa580']
|
||||
['URL', 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/ff715801(v=win.10)'],
|
||||
['URL', 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749415(v=ws.10)'],
|
||||
['URL', 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732280(v=ws.10)']
|
||||
],
|
||||
))
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue