Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft Error Reporting Local Privilege Elevation Vulnerability',
Severity: Major
Found in modules/exploits/windows/local/win_error_cve_2023_36874.rb - About 2 hrs to fix

    Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(
      update_info(
        info,
        {
    Severity: Major
    Found in modules/exploits/windows/local/cve_2021_40449.rb - About 2 hrs to fix

      Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft UPnP Local Privilege Elevation Vulnerability',
      Severity: Major
      Found in modules/exploits/windows/local/comahawk.rb - About 2 hrs to fix

        Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize
    super(
      'Name' => 'MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution',
      'Description' => %q{
          This module can be used to execute arbitrary commands on IIS servers
        Severity: Major
        Found in modules/exploits/windows/iis/msadc.rb - About 2 hrs to fix

          Method execute_command has 56 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def execute_command(cmd, _opts = {})
    serialized = Rex::Text.encode_base64(::Msf::Util::DotNetDeserialization.generate(
      cmd,
      gadget_chain: :TextFormattingRunProperties,
      formatter: :LosFormatter
          Severity: Major
          Found in modules/exploits/windows/http/sharepoint_data_deserialization.rb - About 2 hrs to fix

            Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(update_info(info,
      'Name'           => 'DiskSavvy Enterprise GET Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack-based buffer overflow vulnerability
            Severity: Major
            Found in modules/exploits/windows/http/disksavvy_get_bof.rb - About 2 hrs to fix

              Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info={})
    super(update_info(info,
      'Name'           => "Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow",
      'Description'    => %q{
          This module exploits a vulnerability found in the ActiveX component of Adobe
              Severity: Major
              Found in modules/exploits/windows/browser/adobe_flash_otf_font.rb - About 2 hrs to fix

                Method on_request_uri has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def on_request_uri(cli, request)

    agent = request.headers['User-Agent']
    my_target = get_target(agent)
                Severity: Major
                Found in modules/exploits/windows/browser/ms11_093_ole32.rb - About 2 hrs to fix

                  Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info={})
    super(update_info(info,
      'Name'           => "Adobe Flash Player Integer Underflow Remote Code Execution",
      'Description'    => %q{
        This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player
                  Severity: Major
                  Found in modules/exploits/windows/browser/adobe_flash_avm2.rb - About 2 hrs to fix

                    Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Delta Electronics InfraSuite Device Master Deserialization',
                    Severity: Major
                    Found in modules/exploits/windows/misc/delta_electronics_infrasuite_deserialization.rb - About 2 hrs to fix

                      Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(update_info(info,
      'Name'           => 'MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference',
      'Description'    => %q{
          This module exploits an out of bounds function table dereference in the SMB
                      Severity: Major
                      Found in modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb - About 2 hrs to fix

                        Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation',
      'Description'    => %q{
        This module attempts to gain root privileges on Linux systems by abusing
                        Severity: Major
                        Found in modules/exploits/linux/local/rds_atomic_free_op_null_pointer_deref_priv_esc.rb - About 2 hrs to fix

                          Method run_exploit has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def run_exploit(check)
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
                          Severity: Major
                          Found in modules/exploits/linux/local/cve_2021_4034_pwnkit_lpe_pkexec.rb - About 2 hrs to fix

                            Method check has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def check
    arch = kernel_hardware

    # Could we potentially support x86? Yes, potentially. Will we? Well considering the 5.7 kernel was released
    # in 2020 and official support for x64 kernels ended in 2012 with
                            Severity: Major
                            Found in modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb - About 2 hrs to fix

                              Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => "glibc 'realpath()' Privilege Escalation",
                              Severity: Major
                              Found in modules/exploits/linux/local/glibc_realpath_priv_esc.rb - About 2 hrs to fix

                                Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Docker cgroups Container Escape',
                                Severity: Major
                                Found in modules/exploits/linux/local/docker_cgroup_escape.rb - About 2 hrs to fix

                                  Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => '2021 Ubuntu Overlayfs LPE',
                                  Severity: Major
                                  Found in modules/exploits/linux/local/cve_2021_3493_overlayfs.rb - About 2 hrs to fix

                                    Method hijack_cookie has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def hijack_cookie
    # Updating SSL and RPORT in order to communicate with HTTP proxy service.
    if datastore['SSL']
      ssl_restore = true
      datastore['SSL'] = false
                                    Severity: Major
                                    Found in modules/exploits/linux/http/trendmicro_websecurity_exec.rb - About 2 hrs to fix

                                      Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Linksys WRT160nv2 apply.cgi Remote Command Injection',
      'Description' => %q{
          Some Linksys Routers are vulnerable to an authenticated OS command injection on
                                      Severity: Major
                                      Found in modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb - About 2 hrs to fix

                                        Method initialize has 56 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(update_info(info,
      'Name'            => 'php imap_open Remote Code Execution',
      'Description'     => %q{
        The imap_open function within php, if called without the /norsh flag, will attempt to preauthenticate an
                                        Severity: Major
                                        Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language