root / modules / exploits @ master

# Date Author Comment
f7224ab3 05/24/2012 11:02 am Juan Vazquez

flexnet_lmgrd_bof rand_text fix

50045151 05/24/2012 12:27 am Tod Beardsley

Resolved conflicts merging back from release

Merge branch 'release'

Conflicts:
lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
modules/exploits/windows/license/flexnet_lmgrd_bof.rb

ac0d2245 05/23/2012 06:34 pm sinn3r

Merge pull request #414 from wchen-r7/apprain

Add CVE-2012-1153

8d837f5d 05/23/2012 06:33 pm sinn3r

Module description update. TARGETURI description update.

fab3bfce 05/23/2012 05:50 pm sinn3r

Add CVE-2012-1153

0b7b71e2 05/23/2012 10:27 am sinn3r

Correct run-on sentence

94f114b6 05/23/2012 10:22 am sinn3r

Fix typos

7a4f1a11 05/23/2012 10:20 am sinn3r

Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof

287d68f3 05/23/2012 10:14 am Juan Vazquez

added module for CVE-2008-0320

a37e98f1 05/22/2012 02:12 pm Tod Beardsley

Updating release from master.

c4b64a51 05/22/2012 01:22 pm Jeff Jarmoc

Added reference to vendor advisory

87ce3fe2 05/22/2012 11:17 am Tod Beardsley

Adding extra ref from jjarmoc

c823e809 05/22/2012 01:32 am Juan Vazquez

randomization when possible for flexnet_lmgrd_bof

cafe8032 05/21/2012 04:32 pm sinn3r

Fix typos

72b1f113 05/21/2012 04:32 pm Juan Vazquez

Added module for ZDI-12-052

675dfe4e 05/21/2012 11:27 am Tod Beardsley

Don't keep the weblogic return codes secret

1104dccd 05/21/2012 11:19 am Tod Beardsley

Noting rhost/rport, cli.peerhost where appropriate

There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.

7cc90583 05/21/2012 11:14 am Tod Beardsley

Consistent caps on SVG in batik_svg_java exploit

Also, modules should not refer to themselves as "I" or "me." It's
creepy.

5dd866ed 05/21/2012 11:11 am Tod Beardsley

Fixed print_status to include rhost:rport

Also don't let the failed user:pass be a mystery to the user.

1fc7597a 05/21/2012 10:59 am Tod Beardsley

Msftidy fixes.

Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch

All whitespace fixes.

822e109b 05/20/2012 09:58 am sinn3r

Merge pull request #398 from wchen-r7/foxit_reader_launch

CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF

ba2787df 05/20/2012 07:13 am Steve Tornio

add osvdb ref

c95a06e2 05/20/2012 07:13 am Steve Tornio

add osvdb ref

628233d1 05/19/2012 04:14 pm sinn3r

Merge pull request #399 from wchen-r7/hp_storageworks

Add HP StorageWorks VSA command execution vulnerability

d8c3edd3 05/19/2012 02:53 pm sinn3r

Add HP StorageWorks VSA command execution vulnerability

f9bcb959 05/19/2012 02:24 am sinn3r

Correct EDB references

964a6af4 05/19/2012 02:06 am sinn3r

Add Active Collab chat module PHP injection exploit, by mr_me

e4f80a1f 05/18/2012 05:12 pm sinn3r

Francisco is the one who found it according to advisory

41aac751 05/18/2012 01:25 pm sinn3r

Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.

bedf0106 05/17/2012 06:23 pm Juan Vazquez

description modified

e7f5bf13 05/17/2012 06:13 pm Juan Vazquez

trying to improve bea weblogic connector bof

c0d17734 05/17/2012 03:00 pm sinn3r

Improve run-on sentences.

32a0596a 05/17/2012 02:52 pm sinn3r

Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof

c4ab521d 05/17/2012 02:41 pm Juan Vazquez

better tab indentation

0b35ab6a 05/17/2012 12:34 pm sinn3r

If the target isn't supported, make sure we warn the user

a21e8323 05/17/2012 12:21 pm Juan Vazquez

fingerprinting bea connector with Transfer-Encoding

952ada17 05/17/2012 11:37 am sinn3r

Fix broken target (variable naming)

2fccf467 05/17/2012 11:04 am sinn3r

Be explicit on what version we've tested

0fd3f967 05/17/2012 10:23 am Juan Vazquez

errata fixed

14d8ba00 05/17/2012 09:48 am Juan Vazquez

Added batik svg java module

9a5e4d65 05/17/2012 04:07 am Juan Vazquez

Added target BEA Weblogic 8.1 SP4

445bd90a 05/17/2012 03:28 am Juan Vazquez

Added module for CVE-2008-3257

fe7928c1 05/16/2012 07:07 pm jlee-r7

Merge pull request #390 from jlee-r7/consolidate-250-254-375

Consolidate #250, #254, #375

0b2a8e0b 05/16/2012 02:40 am sinn3r

Correct e-mail format

b89e77c8 05/15/2012 07:27 pm sinn3r

Add Spanish dir path. Thanks Miguel

42719ab3 05/15/2012 06:00 pm James Lee

Squashed commit of the following:

commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <>
Date: Wed May 9 16:22:49 2012 -0600

Add register_command calls for md5 and sha1

commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c...

f5698f4b 05/15/2012 03:45 pm Tod Beardsley

Msftidy on mozilla_attribchildremoved.rb

was executable, had bad spacing.

82885cc6 05/15/2012 03:45 pm Tod Beardsley

Fixing author tags

Ensuring a space between name and email.

898398fd 05/15/2012 03:43 pm Tod Beardsley

Fixing author tags

Ensuring a space between name and email.

9b3f6029 05/15/2012 03:39 pm Tod Beardsley

Msftidy on mozilla_attribchildremoved.rb

was executable, had bad spacing.

d54a228f 05/15/2012 01:16 am sinn3r

Correct version number

7690e86a 05/14/2012 07:14 am Steve Tornio

add osvdb ref

bcfa96ce 05/14/2012 07:13 am Steve Tornio

add osvdb ref

d2c26f98 05/13/2012 04:42 am sinn3r

Cleanup whitespace

c1fbf1f9 05/13/2012 04:37 am sinn3r

Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved

dd42c309 05/13/2012 04:31 am Peter Van Eeckhoutte

added exploit for Firefox 8&9 AttributeChildRemoved UAF

5d8fbefc 05/11/2012 03:14 pm sinn3r

Merge pull request #378 from wchen-r7/distinct

Add OSVDB-80984 - Distinct TFTP Directory traversal

653d7e59 05/11/2012 03:07 pm sinn3r

Add OSVDB-80984

7eabce88 05/10/2012 12:18 pm sinn3r

Add comment for PrependEncoder

2b133304 05/10/2012 12:13 pm sinn3r

Merge pull request #376 from wchen-r7/wikkawiki

Add CVE-2011-4449

6e8c3ad1 05/10/2012 12:06 pm sinn3r

It's "inject", not "upload"... because technically that's what really happens.

c69e34d4 05/10/2012 12:02 pm sinn3r

Update description

86c3ad5e 05/10/2012 11:57 am sinn3r

Add CVE-2011-4449

65800f7c 05/09/2012 12:47 pm Tod Beardsley

Whitespace on solarwinds

ce16ab66 05/08/2012 12:22 am sinn3r

Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable.

22585ad9 05/08/2012 12:00 am sinn3r

Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit

b8227b8a 05/07/2012 09:41 pm B C

Firefox Exploit

1a30e221 05/07/2012 02:42 am HD Moore

See #362 by changing the exitfunc arguments to be the correct type

f6c88377 05/07/2012 02:41 am HD Moore

Fixes #362 by changing the exitfunction arguments to be the correct type

ba4ae384 05/05/2012 10:14 am Steve Tornio

add osvdb ref

cef2da61 05/05/2012 10:13 am Steve Tornio

add osvdb ref

92e07aab 05/05/2012 10:13 am Steve Tornio

Add osvdb ref

18a44148 05/04/2012 06:32 pm James Lee

Randomize case for ini true/false values

423437c6 05/04/2012 12:17 pm HD Moore

Woops, small typo in disable_functions

c6b39e8e 05/04/2012 12:15 pm HD Moore

Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c)

2ce3558b 05/04/2012 10:19 am HD Moore

Bump the rank

bed48467 05/04/2012 10:06 am HD Moore

A little more module cleanup

d668e232 05/04/2012 09:59 am HD Moore

Rename this to a more suitable location

6cf6a954 05/04/2012 09:58 am HD Moore

Fix up the PHP CGI exploit, remove debug lines

d5d35551 05/04/2012 12:11 am sinn3r

Add EDB reference

6d5ceb07 05/04/2012 12:02 am sinn3r

Merge pull request #359 from wchen-r7/solarwinds_storage_manager_sql

Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)

9a360172 05/04/2012 12:01 am sinn3r

no unicode

25b11a02 05/03/2012 08:37 pm sinn3r

Update the comment for check()

4bf674ec 05/03/2012 08:34 pm sinn3r

Pff, and of course, I had to make a typo on that one

1a4d3f84 05/03/2012 08:33 pm sinn3r

A little change to the description

7ca69f00 05/03/2012 08:24 pm sinn3r

Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)

2d1f4d4f 05/03/2012 08:00 pm James Lee

Add hdm's better check method

40ec3d9d 05/03/2012 07:51 pm James Lee

Add an exploit module for the recent php cgi bug (CVE-2012-1823)

43d730d5 05/02/2012 09:57 pm Tod Beardsley

Squashed commit of minor cosmetic fixes:

commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <>
Date: Wed May 2 21:55:56 2012 -0500

Whitespace at EOL. Dangit.

commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <>...

3e72f555 05/01/2012 12:56 pm sinn3r

Forgot... I don't need to print the client's IP manually anymore

30992360 05/01/2012 12:47 pm sinn3r

We no longer have to print the client's IP, because it's now a built-in feature.

01b0d855 05/01/2012 09:39 am juan

module for cve-2012-1775 added

9988d6a4 05/01/2012 12:35 am HD Moore

Tabs. Sweet sweet tabs

5fec29e6 04/30/2012 04:23 pm sinn3r

Add McAfee Virtual Technician ActiveX MVTControl vulnerability

fd2e4c12 04/30/2012 01:49 pm sinn3r

Fix possible "can't convert Fixnum into String" error

ffd91793 04/29/2012 06:11 pm HD Moore

Make RMI easier to correlate, add a vulnerability check to the scanner module

46ad5996 04/28/2012 02:32 am sinn3r

Add CVE-2012-1495 WebCalendar settings.php code injection

f1cd488f 04/27/2012 03:22 pm David Maloney

Overrides the autofilter results from the HTTPServer mixin for the rmi
exploit

67fe5b77 04/27/2012 01:23 am HD Moore

Bump this up

ec831a16 04/27/2012 01:02 am HD Moore

Smarter RMI class loader logic