dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
metasploit-framework/modules/exploits/linux/http
History
Jack Heysel 2b90d33aef
Land #18618, Add OpenNMS privesc and auth RCE 
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
 		2024-03-20 12:54:16 -07:00
..
accellion_fta_getstatus_oauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
advantech_switch_bash_env_exec.rb tests passing 2023-04-04 10:24:09 +01:00
airties_login_cgi_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
alcatel_omnipcx_mastercgi_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
alienvault_exec.rb Making SSH defaults widely used 2022-04-14 17:27:19 +02:00
alienvault_sqli_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
apache_airflow_dag_rce.rb Move module and documentation from multi/http to linux/http 2023-09-17 22:42:26 +08:00
apache_continuum_cmd_exec.rb Update DisclosureDate to ISO 8601 in my modules 2018-11-16 12:18:28 -06:00
apache_couchdb_cmd_exec.rb Update modules/exploits/linux/http/apache_couchdb_cmd_exec.rb 2023-04-07 09:55:00 +09:00
apache_druid_js_rce.rb Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
apache_nifi_h2_rce.rb review comments 2023-08-28 17:39:02 -04:00
apache_ofbiz_deserialization.rb fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
apache_ofbiz_deserialization_soap.rb remove spare comma 2021-04-05 09:33:20 -05:00
apache_spark_rce_cve_2022_33891.rb add curl cmd stager flavor 2022-09-07 12:45:13 -05:00
apache_superset_cookie_sig_rce.rb Raise a more specific error message 2023-10-10 15:21:35 -04:00
artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
astium_sqli_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
asuswrt_lan_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
atutor_filemanager_traversal.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
axis_app_install.rb Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
axis_srv_parhand_rce.rb Fix typo 2021-04-30 23:29:24 -05:00
belkin_login_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
bitbucket_git_cmd_injection.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
bludit_upload_images_exec.rb Fix typos and format 2019-11-11 14:47:56 -06:00
cacti_unauthenticated_cmd_injection.rb specify command stager flavors 2023-01-23 11:53:19 -06:00
cayin_cms_ntp.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
centreon_pollers_auth_rce.rb Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
centreon_sqli_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
centreon_useralias_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
cfme_manageiq_evm_upload_exec.rb use https for metaploit.com links 2017-07-24 06:26:21 -07:00
chamilo_unauth_rce_cve_2023_34960.rb Final minor updates 2023-08-23 11:38:07 +00:00
cisco_asax_sfr_rce.rb Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup. 2022-09-02 08:44:04 -07:00
cisco_firepower_useradd.rb Making SSH defaults widely used 2022-04-14 17:27:19 +02:00
cisco_hyperflex_file_upload_rce.rb Fix for file clean up in the Cisco Hyperflex file upload RCE module 2021-07-30 14:59:52 -04:00
cisco_hyperflex_hx_data_platform_cmd_exec.rb Backport print changes to recent modules 2021-07-08 21:26:35 -05:00
cisco_prime_inf_rce.rb fix cisco advisory links 2022-01-13 18:55:39 +00:00
cisco_rv32x_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
cisco_rv340_lan.rb Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
cisco_rv_series_authbypass_and_rce.rb Added exploit for CVE-2021-1472/CVE-2021-1473 2022-01-29 18:56:53 -08:00
cisco_ucs_cloupia_script_rce.rb Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
cisco_ucs_rce.rb Add the missing full disclosure URL reference 2022-02-01 17:06:37 -05:00
control_web_panel_login_cmd_exec.rb Fix a typo 2023-01-25 13:45:18 -05:00
cpi_tararchive_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
craftcms_unauth_rce_cve_2023_41892.rb Final update to the module based on cdelafuente-r7 comments 2023-12-21 12:06:21 +00:00
crypttech_cryptolog_login_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
cve_2019_1663_cisco_rmi_rce.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
dcos_marathon.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ddwrt_cgibin_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
denyall_waf_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_authentication_cgi_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_command_php_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dcs931l_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dcs_930l_authenticated_remote_command_execution.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_diagnostic_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dir300_exec_telnet.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dir605l_captcha_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dir615_up_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dir850l_unauth_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dsl2750b_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dspw110_cookie_noauth_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dspw215_info_cgi_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_dwl_2600_command_injection.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
dlink_hedwig_cgi_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_hnap_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_hnap_header_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_hnap_login_bof.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dlink_upnp_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dnalims_admin_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
docker_daemon_tcp.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dolibarr_cmd_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
dreambox_openpli_shell.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
efw_chpasswd_exec.rb Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
elfinder_archive_cmd_injection.rb check contents of json after attempted upload 2021-09-14 11:36:28 -05:00
empire_skywalker.rb Update uses of open ssl 2021-08-10 15:40:23 +01:00
esva_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
eyesofnetwork_autodiscovery_rce.rb reduces code duplication 2023-04-04 10:27:11 +01:00
f5_bigip_tmui_rce_cve_2020_5902.rb Rename the other TMUI RCE module 2023-11-01 16:55:42 -04:00
f5_bigip_tmui_rce_cve_2023_46747.rb Fix a stability issue with the module 2023-11-02 17:10:20 -04:00
f5_icall_cmd.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
f5_icontrol_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
f5_icontrol_rce.rb Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times. 2022-05-11 16:43:37 -05:00
f5_icontrol_rest_ssrf_rce.rb Clean up f5_icontrol_rest_ssrf_rce 2021-06-02 20:32:47 -05:00
f5_icontrol_rpmspec_rce_cve_2022_41800.rb Remove non-functioning Arch'es 2022-11-23 10:42:07 -08:00
f5_icontrol_soap_csrf_rce_cve_2022_41622.rb remove CmdStager inclusion 2022-11-18 16:18:25 -06:00
flir_ax8_unauth_rce_cve_2022_37061.rb updated module with code suggestions space-r7 2022-10-25 16:38:15 +00:00
foreman_openstack_satellite_code_exec.rb use https for metaploit.com links 2017-07-24 06:26:21 -07:00
fortinac_keyupload_file_write.rb Correct architecture and do final fixes 2023-03-13 15:46:42 -05:00
fortinet_authentication_bypass_cve_2022_40684.rb Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 2022-10-18 00:51:28 +02:00
fritzbox_echo_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
froxlor_log_path_rce.rb Check method enhancement 2023-02-24 13:33:10 -05:00
geutebruck_cmdinject_cve_2021_335xx.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
geutebruck_instantrec_bof.rb Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
geutebruck_testaction_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
github_enterprise_secret.rb Update uses of open ssl 2021-08-10 15:40:23 +01:00
gitlist_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
glinet_unauth_rce_cve_2023_50445.rb Capitalize remaining references to Meterpreter 2024-01-23 13:11:03 -05:00
glpi_htmlawed_php_injection.rb Add fetch payloads for Windows and Linux x64 2023-05-18 10:47:29 -05:00
goahead_ldpreload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
goautodial_3_rce_command_injection.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
gpsd_format_string.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
grandstream_gxv31xx_settimezone_unauth_cmd_exec.rb Add support for GXV3140 models and ARCH_CMD busybox telnetd payload 2022-01-29 19:38:57 +00:00
grandstream_ucm62xx_sendemail_rce.rb Minor langauge fix and final typo 2022-01-24 21:01:34 -06:00
gravcms_exec.rb Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
groundwork_monarch_cmd_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
h2_webinterface_rce.rb review comments 2023-08-08 17:15:22 -04:00
hadoop_unauth_exec.rb Link Hadoop YARN exploit to documentation 2023-02-15 21:17:26 +01:00
hikvision_cve_2021_36260_blind.rb Change CheckCode to Appears 2022-02-25 08:32:06 -08:00
hp_system_management.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
hp_van_sdn_cmd_inject.rb Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
huawei_hg532n_cmdinject.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ibm_drm_rce.rb Add module notes 2023-02-08 15:46:07 +00:00
ibm_qradar_unauth_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
imperva_securesphere_exec.rb Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
ipfire_bashbug_exec.rb tests passing 2023-04-04 10:24:09 +01:00
ipfire_oinkcode_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
ipfire_pakfire_exec.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
ipfire_proxy_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ivanti_connect_secure_rce_cve_2023_46805.rb use get_json_document instead of JSON.parse 2024-01-18 15:35:43 +00:00
ivanti_connect_secure_rce_cve_2024_21893.rb remove the linux and unix targets in favor of a single automatic target 2024-02-09 09:26:08 +00:00
ivanti_csa_unauth_rce_cve_2021_44529.rb Apply fixes per code review 2023-01-17 12:44:22 -06:00
ivanti_sentry_misc_log_service.rb Thanks to Spencer improved execute_command method 2023-09-12 15:14:10 -04:00
jenkins_cli_deserialization.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
kafka_ui_unauth_rce_cve_2023_52251.rb added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
kaltura_unserialize_cookie_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
kaltura_unserialize_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
kibana_timelion_prototype_pollution_rce.rb review comments 2023-09-01 20:34:35 -04:00
kibana_upgrade_assistant_telemetry_rce.rb kibana telemetry rce rewritten to use fetch payloads 2023-10-06 09:55:10 -04:00
klog_server_authenticate_user_unauth_command_injection.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
kloxo_sqli.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
lexmark_faxtrace_settings.rb rubocop 2023-09-06 15:47:54 -04:00
librenms_addhost_cmd_inject.rb Update date format 2019-06-04 12:24:00 -05:00
librenms_collectd_cmd_inject.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
lifesize_uvc_ping_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linear_emerge_unauth_rce_cve_2019_7256.rb Fix up missing option in documentation and also add some additional validation on server response. 2023-01-04 17:02:05 -06:00
linksys_apply_cgi.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linksys_e1500_apply_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linksys_themoon_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linksys_wrt54gl_apply_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linksys_wrt110_cmd_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linksys_wrt160nv2_apply_exec.rb Zeitwerk `rex` folder 2021-02-08 12:24:12 +00:00
linksys_wvbr0_user_agent_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
linuxki_rce.rb Add module notes 2023-02-08 15:46:07 +00:00
logsign_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
lucee_admin_imgprocess_file_write.rb Add Lucee Administrator CVE-2021-21307 exploit 2021-08-16 10:09:34 -05:00
magnusbilling_unauth_rce_cve_2023_30258.rb third release module with minor text changes 2023-10-31 09:29:13 +00:00
mailcleaner_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
majordomo_cmd_inject_cve_2023_50917.rb Add suggested changes 2023-12-22 00:04:54 +01:00
metabase_setup_token_rce.rb review comments 2023-08-08 17:16:57 -04:00
microfocus_obr_cmd_injection.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
microfocus_secure_messaging_gateway.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
mida_solutions_eframework_ajaxreq_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
mobileiron_core_log4shell.rb Remove superfluous code and add extra check 2022-08-02 11:04:13 -05:00
mobileiron_mdm_hessian_rce.rb Randomize strings 2021-01-22 16:15:16 -06:00
multi_ncc_ping_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
mutiny_frontend_upload.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
mvpower_dvr_shell_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
nagios_xi_autodiscovery_webshell.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_chained_rce.rb Update form data api defaults 2022-05-10 14:12:17 +01:00
nagios_xi_chained_rce_2_electric_boogaloo.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
nagios_xi_configwizards_authenticated_rce.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_magpie_debug.rb nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 2021-03-16 07:13:55 +00:00
nagios_xi_mibs_authenticated_rce.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_plugins_check_plugin_authenticated_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
nagios_xi_plugins_filename_authenticated_rce.rb PR Review Changes for optimizing the nagiosxi modules 2023-04-01 14:28:37 +05:30
nagios_xi_snmptrap_authenticated_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
netgear_dgn1000_setup_unauth_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_dgn1000b_setup_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_dgn2200b_pppoe_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_dnslookup_cmd_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_r7000_cgibin_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_readynas_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_unauth_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
netgear_wnr2000_rce.rb msftidy: Fix exploit module checks for author and stack buffer overflow 2021-02-13 04:10:13 +00:00
netsweeper_webadmin_unixlogin.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
nexus_repo_manager_el_injection.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
nginx_chunked_size.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
nuuo_nvrmini_auth_rce.rb fix NUUO advisory links 2022-01-13 18:54:56 +00:00
nuuo_nvrmini_unauth_rce.rb fix NUUO advisory links 2022-01-13 18:54:56 +00:00
op5_config_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
openfiler_networkcard_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
opennms_horizon_authenticated_rce.rb rubocop 2024-03-20 11:39:19 -07:00
opentsdb_key_cmd_injection.rb add opentsdb_key_cmd_injection exploit module 2023-09-07 17:29:16 +03:00
opentsdb_yrange_cmd_injection.rb Make rubocop happy 2022-12-23 13:38:16 +01:00
optergy_bms_backdoor_rce_cve_2019_7276.rb updated module and documentation with SUDO option 2023-03-26 18:31:25 +00:00
oracle_ebs_rce_cve_2022_21587.rb Merge remote-tracking branch 'origin/CVE-2022-21587' into CVE-2022-21587 2023-02-21 18:02:10 +00:00
pandora_fms_events_exec.rb Add module notes 2023-02-08 15:46:07 +00:00
pandora_fms_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pandora_fms_sqli.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
pandora_ping_cmd_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
panos_op_cmd_exec.rb string true to bool true 2022-10-03 19:50:04 -04:00
panos_readsessionvars.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
peercast_url.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
php_imap_open_rce.rb trade `URI.encode` & `URI.escape` for Ruby 3 2021-11-22 14:11:03 -06:00
pineapp_ldapsyncnow_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pineapp_livelog_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pineapp_test_li_conn_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pineapple_bypass_cmdinject.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pineapple_preconfig_cmdinject.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
piranha_passwd_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
pulse_secure_cmd_exec.rb Revert "remove ruby pulse_secure_cmd_exec" 2020-11-09 20:09:12 -05:00
pulse_secure_gzip_rce.rb Fix Gem::Package NameError with Rex::Tar::Writer 2021-04-12 18:50:31 -05:00
pyload_js2py_exec.rb Add module docs 2023-02-15 16:29:42 -05:00
qnap_qcenter_change_passwd_exec.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
qnap_qts_rce_cve_2023_47218.rb Docs plus minor edits 2024-02-15 17:12:11 -05:00
raidsonic_nas_ib5220_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
railo_cfml_rfi.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rancher_server.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
rconfig_ajaxarchivefiles_rce.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
rconfig_vendors_auth_file_upload_rce.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
realtek_miniigd_upnp_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
riverbed_netprofiler_netexpress_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
roxy_wi_exec.rb Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments 2022-07-25 13:05:04 -05:00
saltstack_salt_api_cmd_exec.rb Remove unused vprint_status conditional 2020-12-09 22:45:41 -06:00
saltstack_salt_wheel_async_rce.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
samsung_srv_1670d_upload_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
seagate_nas_php_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
smt_ipmi_close_window_bof.rb fix URLs not resolving 2022-02-16 17:22:40 -06:00
solarview_unauth_rce_cve_2023_23333.rb Apply grammatical suggestions from code review 2023-09-05 17:06:01 -04:00
sonicwall_cve_2021_20039.rb Added the AttackerKB analysis 2022-01-11 03:17:45 -08:00
sophos_utm_webadmin_sid_cmd_injection.rb Switch to the new Rex stopwatch function 2021-11-16 10:12:57 -05:00
sophos_wpa_iface_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
sophos_wpa_sblistpack_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
sourcegraph_gitserver_sshcmd.rb Use a more reliable check method 2022-07-11 09:48:08 -04:00
spark_unauth_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
spring_cloud_gateway_rce.rb Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs 2022-10-12 11:19:47 -05:00
suitecrm_log_file_rce.rb Merge branch 'master' into suitecrm_log_file_rce 2021-10-22 22:11:51 -05:00
supervisor_xmlrpc_exec.rb Modules: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:42:23 +00:00
symantec_messaging_gateway_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
symantec_web_gateway_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
symantec_web_gateway_file_upload.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
symantec_web_gateway_lfi.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
symantec_web_gateway_pbcontrol.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
symantec_web_gateway_restore.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
symmetricom_syncserver_rce.rb add exploit rank 2023-06-13 17:05:30 -05:00
synology_dsm_sliceupload_exec_noauth.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
synology_dsm_smart_exec_auth.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
terramaster_unauth_rce_cve_2020_35665.rb Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00
terramaster_unauth_rce_cve_2021_45837.rb Latest updates based on reviewers comments 2023-06-08 21:25:40 +00:00
terramaster_unauth_rce_cve_2022_24990.rb Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
tiki_calendar_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
totolink_unauth_rce_cve_2023_30013.rb Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
tp_link_ncxxx_bonjour_command_injection.rb Add in missing RuboCop note sections 2022-04-19 16:40:57 -05:00
tp_link_sc2020n_authenticated_telnet_injection.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
tr064_ntpserver_cmdinject.rb Update DisclosureDate to ISO 8601 in my modules 2018-11-16 12:18:28 -06:00
trend_micro_imsva_exec.rb Update DisclosureDate to ISO 8601 in my modules 2018-11-16 12:18:28 -06:00
trendmicro_imsva_widget_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
trendmicro_sps_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
trendmicro_websecurity_exec.rb Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
trueonline_billion_5200w_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
trueonline_p660hn_v1_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
trueonline_p660hn_v2_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
ubiquiti_airos_file_upload.rb Rubocop 2022-04-14 17:25:48 +02:00
ueb_api_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
unraid_auth_bypass_exec.rb Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
vap2500_tools_command_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vcms_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
vestacp_exec.rb Remove another redundant cleanup 2022-03-11 12:17:30 +11:00
vinchin_backup_recovery_cmd_inject.rb Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb 2023-11-28 08:10:56 +01:00
vmware_nsxmgr_xstream_rce_cve_2021_39144.rb addressed code improvement suggestions 2022-11-12 10:21:43 +00:00
vmware_vcenter_analytics_file_upload.rb Comment path traversals 2021-10-20 14:16:46 -05:00
vmware_vcenter_vsan_health_rce.rb Fix edge case in method overloading 2021-07-12 20:29:56 -05:00
vmware_view_planner_4_6_uploadlog_rce.rb Fix bad style again 2021-03-15 01:33:32 -05:00
vmware_vrli_rce.rb Replace the binray blobs 2023-09-12 12:21:10 -04:00
vmware_vrni_rce_cve_2023_20887.rb Rubocop fixes 2023-07-20 16:40:28 -04:00
vmware_vrops_mgr_ssrf_rce.rb Update vmware_vrops_mgr_ssrf_rce documentation 2021-05-06 18:30:20 -05:00
vmware_workspace_one_access_cve_2022_22954.rb Deregister VHOST 2022-05-03 11:52:50 -05:00
vmware_workspace_one_access_vmsa_2022_0011_chain.rb Added missing require builder statement 2023-04-18 18:10:46 -04:00
wanem_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
wd_mycloud_multiupload_upload.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
wd_mycloud_unauthenticated_cmd_injection.rb code review fixes for wd_mycloud_unauthenticated_cmd_injection 2023-07-27 23:09:50 +03:00
webcalendar_settings_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
webid_converter.rb Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
webmin_backdoor.rb Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
webmin_file_manager_rce.rb Remove unused mix in, add low bound to check 2022-11-01 10:42:43 -05:00
webmin_package_updates_rce.rb Fix from code review 2022-08-09 15:09:25 +02:00
webmin_packageup_rce.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
wepresent_cmd_injection.rb Fix up last of the module that had incorrect disclosure dates 2020-10-07 12:09:35 -05:00
wipg1000_cmd_injection.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
xplico_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
zabbix_sqli.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
zen_load_balancer_exec.rb Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
zenoss_showdaemonxmlconfig_exec.rb trade `URI.encode` & `URI.escape` for Ruby 3 2021-11-22 14:11:03 -06:00
zimbra_cpio_cve_2022_41352.rb Fix an issue where the session handler would close too early on Zimbra modules 2022-11-23 13:09:47 -08:00
zimbra_mboximport_cve_2022_27925.rb Add in changes from review 2022-08-23 11:44:03 -05:00
zimbra_unrar_cve_2022_30333.rb Remove unecessary return statement 2022-12-06 15:07:28 +01:00
zimbra_xxe_rce.rb Fix words because words... 2019-04-01 17:21:23 -05:00
zyxel_lfi_unauth_ssh_rce.rb Updates based on cdelafuente-r7 latest comments 2023-05-10 07:46:11 +00:00
zyxel_ztp_rce.rb Add in edits from review 2022-05-13 15:32:12 -05:00