rapid7/metasploit-framework


Showing 7,361 of 22,177 total issues

Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Firefox 17.0.1 Flash Privileged Code Injection',
      'Description'    => %q{
        This exploit gains remote code execution on Firefox 17 and 17.0.1, provided
Severity: Major
Found in modules/exploits/multi/browser/firefox_svg_plugin.rb - About 2 hrs to fix

    Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize( info = {} )
    
        super( update_info( info,
          'Name'          => 'Java Applet JMX Remote Code Execution',
          'Description'   => %q{
    Severity: Major
    Found in modules/exploits/multi/browser/java_jre17_jmxbean_2.rb - About 2 hrs to fix

      Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info={})
          super(update_info(info,
            'Name' => 'Oracle Weblogic Server Deserialization RCE - RMI UnicastRef',
            'Description' => %q{
              An unauthenticated attacker with network access to the Oracle Weblogic Server T3
      Severity: Major
      Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 2 hrs to fix

        Method exploit has 59 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit
            if is_system?
              fail_with(Failure::None, 'Session is already elevated')
            end
        
        
        Severity: Major
        Found in modules/exploits/windows/local/razer_zwopenprocess.rb - About 2 hrs to fix

          Method steal_agents has 59 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def steal_agents(cookie)
              res = send_request_cgi(
                'uri' => normalize_uri(target_uri.path, 'clients.php'),
                'headers' => {
                  'cookie' => "PHPSESSID=#{cookie}"
          Severity: Major
          Found in modules/exploits/windows/http/northstar_c2_xss_to_agent_rce.rb - About 2 hrs to fix

            Method upload_payload has 59 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def upload_payload
                payload_name = "#{Rex::Text.rand_text_alpha(5..12)}.jsp"
                # need to 'select' webapps/AvalancheWeb to upload a file
                res = send_request_cgi(
                  'uri' => normalize_uri(target_uri.path, 'app', 'FileStoreConfig.jsf'),

              Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
                  super(update_info(info,
                    'Name'           => 'Sun Java Runtime New Plugin docbase Buffer Overflow',
                    'Description'    => %q{
                        This module exploits a flaw in the new plugin component of the Sun Java
              Severity: Major
              Found in modules/exploits/windows/browser/java_docbase_bof.rb - About 2 hrs to fix

                Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
                    super(update_info(info,
                      'Name'               => 'Belkin Wemo UPnP Remote Code Execution',
                      'Description'        => %q{
                        This module exploits a command injection in the Belkin Wemo UPnP API via
                Severity: Major
                Found in modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb - About 2 hrs to fix

                  Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
                      super(
                        update_info(
                          info,
                          'Name' => 'SystemTap MODPROBE_OPTIONS Privilege Escalation',
                  Severity: Major
                  Found in modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb - About 2 hrs to fix

                    Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
                        super(
                          update_info(
                            info,
                            'Name' => 'ktsuss suid Privilege Escalation',
                    Severity: Major
                    Found in modules/exploits/linux/local/ktsuss_suid_priv_esc.rb - About 2 hrs to fix

                      Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
                          super(update_info(info,
                            'Name'           => 'AF_PACKET packet_set_ring Privilege Escalation',
                            'Description'    => %q{
                              This module exploits a heap-out-of-bounds write in the packet_set_ring
                      Severity: Major
                      Found in modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb - About 2 hrs to fix

                        Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
                            super(
                              update_info(
                                info,
                                'Name' => 'Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)',
                        Severity: Major
                        Found in modules/exploits/linux/http/traccar_rce_upload.rb - About 2 hrs to fix

                          Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
                              super(
                                update_info(
                                  info,
                                  'Name' => 'Apache Airflow 1.10.10 - Example DAG Remote Code Execution',
                          Severity: Major
                          Found in modules/exploits/linux/http/apache_airflow_dag_rce.rb - About 2 hrs to fix

                            Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
                                super(
                                  update_info(
                                    info,
                                    'Name' => 'IBM Data Risk Manager Unauthenticated Remote Code Execution',
                            Severity: Major
                            Found in modules/exploits/linux/http/ibm_drm_rce.rb - About 2 hrs to fix

                              Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
                                  super(update_info(info,
                                    'Name'           => 'Hak5 WiFi Pineapple Preconfiguration Command Injection',
                                    'Description'    => %q{
                                    This module exploits a login/csrf check bypass vulnerability on WiFi Pineapples version 2.0 <= pineapple < 2.4.
                              Severity: Major
                              Found in modules/exploits/linux/http/pineapple_bypass_cmdinject.rb - About 2 hrs to fix

                                Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
                                    super(
                                      update_info(
                                        info,
                                        'Name' => 'Micro Focus Operations Bridge Reporter shrboadmin default password',
                                Severity: Major
                                Found in modules/exploits/linux/ssh/microfocus_obr_shrboadmin.rb - About 2 hrs to fix

                                  Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
                                      super(
                                        update_info(
                                          info,
                                          'Name' => 'KOFFEE - Kia OFFensivE Exploit',
                                  Severity: Major
                                  Found in modules/post/android/local/koffee.rb - About 2 hrs to fix

                                    Method create_scheduler_task has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def create_scheduler_task(script_on_target)
                                        unless is_system? || is_admin?
                                          print_error('Insufficient privileges to create a scheduler task')
                                          return
                                        end
                                    Severity: Major
                                    Found in modules/post/windows/manage/persistence_exe.rb - About 2 hrs to fix

                                      Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
                                          super(
                                            update_info(
                                              info,
                                              'Name' => 'Windows Capture Keystroke Recorder',
                                      Severity: Major
                                      Found in modules/post/windows/capture/keylog_recorder.rb - About 2 hrs to fix

                                        Method scrape_passwords has 59 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def scrape_passwords(provider, method, args)
                                            if args.include?('-h')
                                              cmd_creds_usage(provider)
                                              return
                                            end
                                        Severity: Major
                                        Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb - About 2 hrs to fix