rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Exim 4.87 - 4.91 Local Privilege Escalation',
Severity: Major
Found in modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Micro Focus (HPE) Data Protector SUID Privilege Escalation',
Severity: Major
Found in modules/exploits/linux/local/omniresolve_suid_priv_esc.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SonicWall SMA 100 Series Authenticated Command Injection',
Severity: Major
Found in modules/exploits/linux/http/sonicwall_cve_2021_20039.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Sourcegraph gitserver sshCommand RCE',
Severity: Major
Found in modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution',
      'Description'    => %q{
        This module takes advantage of two vulnerabilities in order to gain remote code execution as root
Severity: Major
Found in modules/exploits/linux/http/sophos_wpa_iface_exec.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'D-Link DIR615h OS Command Injection',
      'Description' => %q{
          Some D-Link Routers are vulnerable to an authenticated OS command injection on
Severity: Major
Found in modules/exploits/linux/http/dlink_dir615_up_exec.rb - About 2 hrs to fix

Method register_user has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def register_user(username, password)
    # First thing first, we need to get csrf token from registration form.
    print_status('Registering a new user')

    res = send_request_cgi(
Severity: Major
Found in modules/exploits/linux/http/xplico_exec.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Rconfig 3.x Chained Remote Code Execution',
Severity: Major
Found in modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb - About 2 hrs to fix

Method exploit has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # Command injection has a 0x14 byte length limit so keep the file name as small as possible.
    # The length limit is also why we leverage the arbitrary file write -> write our payload to the .qsr file then execute it with the command injection.
    filename = rand_text_alpha(1)
    payload_filepath = "#{datastore['WRITABLE_DIR']}/#{filename}.qsr"
Severity: Major
Found in modules/exploits/linux/http/zyxel_parse_config_rce.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Netis router MW5360 unauthenticated RCE.',
Severity: Major
Found in modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'PowerShellEmpire Arbitrary File Upload (Skywalker)',
Severity: Major
Found in modules/exploits/linux/http/empire_skywalker.rb - About 2 hrs to fix

Method opennms_login has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def opennms_login(mode, perform_invalid_login: false)
    if perform_invalid_login
      user = Rex::Text.rand_text_alpha(8..12)
      pass = Rex::Text.rand_text_alpha(8..12)
      keep_cookies = false
Severity: Major
Found in modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb - About 2 hrs to fix

Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Netgear DGN2200B pppoe.cgi Remote Command Execution',
      'Description' => %q{
          Some Netgear Routers are vulnerable to an authenticated OS command injection
Severity: Major
Found in modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb - About 2 hrs to fix

Method enum_tmos_configs has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def enum_tmos_configs(prompt)
    host = session.session_host
    port = session.session_port
    exec_commands = [
      {
Severity: Major
Found in modules/post/networking/gather/enum_f5.rb - About 2 hrs to fix

Method run has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    backup_locations = []
    sprop_locations = []

    vprint_status('OS Detected: %s' % session.platform)
Severity: Major
Found in modules/post/multi/gather/ubiquiti_unifi_backup.rb - About 2 hrs to fix

Method transmit_payload has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def transmit_payload(exe, platform)
    #
    # Generate the stager command array
    #
    linemax = 1700
Severity: Major
Found in modules/post/multi/manage/shell_to_meterpreter.rb - About 2 hrs to fix

Method decrypt_wug_db has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def decrypt_wug_db(csv_dataset)
    current_row = 0
    decrypted_rows = 0
    plaintext_rows = 0
    blank_rows = 0

Method run has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    print_status('Checking Default Locations...')
    check_systemroot

    grab_user_profiles.each do |user|
Severity: Major
Found in modules/post/windows/gather/credentials/total_commander.rb - About 2 hrs to fix

Method process_files has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def process_files(username)
    secrets = ''
    masterkey = nil
    decrypt_table = Rex::Text::Table.new(
      'Header' => 'Decrypted data',
Severity: Major
Found in modules/post/windows/gather/enum_chrome.rb - About 2 hrs to fix

Method app_list has 57 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def app_list
    tbl = Rex::Text::Table.new(
      'Header' => 'Keys',
      'Indent' => 1,
      'Columns' =>
Severity: Major
Found in modules/post/windows/gather/enum_ms_product_keys.rb - About 2 hrs to fix