rapid7/metasploit-framework


Showing 15,888 of 21,960 total issues

Method check has 28 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def check
    begin
      password = Rex::Text.rand_text_alphanumeric(6..12)
      auth = Base64.encode64("admin:#{password}")
      res = send_request_cgi({

    Method run_host has 28 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run_host(_ip)
        vprint_status('Obtaining CSRF token')
        res = send_request_cgi(
          'method' => 'GET',
          'keep_cookies' => true,

      Method dump_dhcp_list_js has 28 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def dump_dhcp_list_js
          return '' unless datastore['DUMP_DHCP_LIST']
      
          %|
            var f = document.createElement('iframe');

        Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
            super(
              update_info(
                info,
                'Name' => 'HP Web JetAdmin 6.5 Server Arbitrary Command Execution',
        Severity: Minor
        Found in modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb - About 1 hr to fix

          Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
              super(update_info(info,
                'Name' => 'OpenEMR 5.0.1 Patch 6 SQLi Dump',
                'Description' => '
                  This module exploits a SQLi vulnerability found in
          Severity: Minor
          Found in modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb - About 1 hr to fix

            Method generate_gzip has 28 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def generate_gzip(size=default_size, blocks=nil, reps=nil)
                reps ||= datastore['ROUNDS']
                return blocks if reps < 1
            
                print_status "Generating gzip bomb..."
            Severity: Minor
            Found in modules/auxiliary/dos/http/gzip_bomb_dos.rb - About 1 hr to fix

              Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
                  super(
                    update_info(
                      info,
                      'Name'    => 'VSFTPD 2.3.2 Denial of Service',
              Severity: Minor
              Found in modules/auxiliary/dos/ftp/vsftpd_232.rb - About 1 hr to fix

                Method run has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
                    return if not check_dependencies
                
                    name = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
                
                
                Severity: Minor
                Found in modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb - About 1 hr to fix

                  Method get_ssm_socket has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def get_ssm_socket(client, ec2_id)
                      # Verify the connection params and availability of instance
                      inv_params = {
                        filters: [
                          {
                  Severity: Minor
                  Found in modules/auxiliary/cloud/aws/enum_ssm.rb - About 1 hr to fix

                    Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
                        super(update_info(info,
                          'Name'           => 'Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow',
                          'Description'    => %q{
                            This module abuses a buffer overflow vulnerability to trigger a Denial of Service
                    Severity: Minor
                    Found in modules/auxiliary/dos/scada/yokogawa_logsvr.rb - About 1 hr to fix

                      Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
                          super(update_info(info,
                            'Name'           => 'Ruby on Rails JSON Processor Floating Point Heap Overflow DoS',
                            'Description'    => %q{
                              When Ruby attempts to convert a string representation of a large floating point
                      Severity: Minor
                      Found in modules/auxiliary/dos/http/rails_json_float_dos.rb - About 1 hr to fix

                        Method check has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def check
                            # attempt to connect
                            begin
                              if !connect_login
                                print_error('Connection refused.')
                        Severity: Minor
                        Found in modules/auxiliary/dos/ftp/vsftpd_232.rb - About 1 hr to fix

                          Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
                              super(update_info(info,
                                'Name'        => 'OpenSSL DTLS Fragment Buffer Overflow DoS',
                                'Description' => %q{
                                  This module performs a Denial of Service Attack against Datagram TLS in
                          Severity: Minor
                          Found in modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb - About 1 hr to fix

                            Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
                                super(update_info(info,
                                  'Name' => 'Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability',
                                  'Description' => %q{
                                    This module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers & Electricity Meters
                            Severity: Minor
                            Found in modules/auxiliary/scanner/telnet/satel_cmd_exec.rb - About 1 hr to fix

                              Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
                                  super(update_info(info,
                                    'Name'           => 'Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service',
                                    'Description'    => %q{
                                        The vulnerability allows remote unauthenticated attackers to force the IIS server
                              Severity: Minor
                              Found in modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb - About 1 hr to fix

                                Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
                                    super(update_info(info,
                                      'Name'          => 'Unitronics PCOM Client',
                                      'Description'   => %q{
                                        Unitronics Vision PLCs allow unauthenticated PCOM commands
                                Severity: Minor
                                Found in modules/auxiliary/scanner/scada/pcomclient.rb - About 1 hr to fix

                                  Method run has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def run
                                      connect
                                      case action.name
                                      when "READ"
                                        if datastore['LENGTH'] == nil
                                  Severity: Minor
                                  Found in modules/auxiliary/scanner/scada/pcomclient.rb - About 1 hr to fix

                                    Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize
                                        super(
                                          'Name' => 'SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution',
                                          'Description' => %q{
                                              This module makes use of the SXPG_CALL_SYSTEM Remote Function Call, through the
                                    Severity: Minor
                                    Found in modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb - About 1 hr to fix

                                      Method do_login has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def do_login(user=nil,pass=nil)
                                          begin
                                            vprint_status("#{msg} Trying user:'#{user}' with password:'#{pass}'")
                                            cmd = "<authenticate><credentials><username>#{user}</username><password>#{pass}</password></credentials></authenticate><HELP/>\r\n"
                                            omp_send(cmd,true) # send hello
                                      Severity: Minor
                                      Found in modules/auxiliary/scanner/openvas/openvas_omp_login.rb - About 1 hr to fix

                                        Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize
                                            super(
                                              'Name'         => 'Indusoft WebStudio NTWebServer Remote File Access',
                                              'Description'  =>  %q{
                                                  This module exploits a directory traversal vulnerability in Indusoft WebStudio.
                                        Severity: Minor
                                        Found in modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.rb - About 1 hr to fix