Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HashiCorp Nomad Remote Command Execution',
Severity: Major
Found in modules/exploits/multi/misc/nomad_exec.rb - About 2 hrs to fix

    Method exploit has 57 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
    Severity: Major
    Found in modules/exploits/freebsd/local/rtld_execl_priv_esc.rb - About 2 hrs to fix

      Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(update_info(info,
      'Name'           => 'War-FTPD 1.65 Username Overflow',
      'Description'    => %q{
          This module exploits a buffer overflow found in the USER command
      Severity: Major
      Found in modules/exploits/windows/ftp/warftpd_165_user.rb - About 2 hrs to fix

        Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows NtUserSetWindowFNID Win32k User Callback',
        Severity: Major
        Found in modules/exploits/windows/local/cve_2018_8453_win32k_priv_esc.rb - About 2 hrs to fix

          Method exploit has 57 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def exploit
    fail_with(Failure::None, 'Already running as SYSTEM') if is_system?

    unless session.arch == ARCH_X64
      fail_with(Failure::BadConfig, 'This exploit only supports x64 sessions')
          Severity: Major
          Found in modules/exploits/windows/local/cve_2022_21999_spoolfool_privesc.rb - About 2 hrs to fix

            Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',
            Severity: Major
            Found in modules/exploits/windows/local/mov_ss.rb - About 2 hrs to fix

              Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'MS16-032 Secondary Logon Handle Privilege Escalation',
              Severity: Major
              Found in modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb - About 2 hrs to fix

                Method exploit has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def exploit
    fail_with(Failure::BadConfig, 'Must be a meterpreter session') unless session.type == 'meterpreter'
    fail_with(Failure::NoAccess, 'Cannot use this technique as SYSTEM') if is_system?
    domain = datastore['DOMAIN']
    user = datastore['USER']
                Severity: Major
                Found in modules/exploits/windows/local/run_as.rb - About 2 hrs to fix

                  Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'MS02-065 Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow',
                  Severity: Major
                  Found in modules/exploits/windows/iis/ms02_065_msadc.rb - About 2 hrs to fix

                    Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ManageEngine ADAudit Plus CVE-2022-28219',
                    Severity: Major
                    Found in modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb - About 2 hrs to fix

                      Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info={})
    super(update_info(info,
      'Name'           => 'VMWare OVF Tools Format String Vulnerability',
      'Description'    => %q{
          This module exploits a format string vulnerability in VMWare OVF Tools 2.1 for
                      Severity: Major
                      Found in modules/exploits/windows/browser/ovftool_format_string.rb - About 2 hrs to fix

                        Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info={})
    super(update_info(info,
      'Name'           => "Samsung NET-i Viewer Multiple ActiveX BackupToAvi() Remote Overflow",
      'Description'    => %q{
          This module exploits a vulnerability in the CNC_Ctrl.dll ActiveX control installed
                        Severity: Major
                        Found in modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb - About 2 hrs to fix

                          Method on_request_uri has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def on_request_uri(cli, request)
    # Check target before attacking
    agent = request.headers['User-Agent']
    if agent !~ /Windows NT 5\.1/ or agent !~ /Safari\/5/ or agent =~ /Chrome/
      print_error("This target isn't supported: #{agent.to_s}")
                          Severity: Major
                          Found in modules/exploits/windows/browser/safari_xslt_output.rb - About 2 hrs to fix

                            Method on_request_uri has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def on_request_uri(cli, request)

    agent = request.headers['User-Agent']
    print_status("User-agent: #{agent}")
                            Severity: Major
                            Found in modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb - About 2 hrs to fix

                              Method get_payload has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def get_payload(t)

    code = payload.encoded

    # Both ROP chains generated by mona.py - See corelan.be
                              Severity: Major
                              Found in modules/exploits/windows/browser/ms12_037_ie_colspan.rb - About 2 hrs to fix

                                Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'VMWare OVF Tools Format String Vulnerability',
      'Description'    => %q{
          This module exploits a format string vulnerability in VMWare OVF Tools 2.1 for
                                Severity: Major
                                Found in modules/exploits/windows/fileformat/ovf_format_string.rb - About 2 hrs to fix

                                  Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(update_info(info,
      'Name'          => 'IBM Personal Communications iSeries Access WorkStation 5.9 Profile',
      'Description'   => %q{
      The IBM Personal Communications I-Series application WorkStation is susceptible to a
                                  Severity: Major
                                  Found in modules/exploits/windows/fileformat/ibm_pcm_ws.rb - About 2 hrs to fix

                                    Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Print Spooler Remote DLL Injection',
                                    Severity: Major
                                    Found in modules/exploits/windows/dcerpc/cve_2021_1675_printnightmare.rb - About 2 hrs to fix

                                      Method check has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def check
    sys_info = get_sysinfo

    # Make sure both docker and runc are present
    unless command_exists?('runc')
                                      Severity: Major
                                      Found in modules/exploits/linux/local/runc_cwd_priv_esc.rb - About 2 hrs to fix

                                        Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE',
                                        Severity: Major
                                        Found in modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language