Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method calculate_race has 55 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def calculate_race(server, domain, num=50)

    q_beg_t = nil
    q_end_t = nil
    cnt     = 0
Severity: Major
Found in modules/auxiliary/spoof/dns/bailiwicked_host.rb - About 2 hrs to fix

    Method run has 55 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
    print_status("Exploiting sqli to extract users information...")
    mark = Rex::Text.rand_text_alpha(8 + rand(5))
    rand = Rex::Text.rand_text_numeric(2)
    separator = Rex::Text.rand_text_alpha(5 + rand(5))
    Severity: Major
    Found in modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb - About 2 hrs to fix

      Method record_action has 55 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def record_action(type, type_enum, value, action)
    # Send the update to the zone's primary master.
    domain = datastore['DOMAIN']
    fqdn   = "#{datastore['HOSTNAME']}.#{domain}"
    opts   = {nameserver: datastore['RHOST']}
      Severity: Major
      Found in modules/auxiliary/admin/dns/dyn_dns_update.rb - About 2 hrs to fix

        Method describe_ec2_instance has 55 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def describe_ec2_instance(inst)
    print_good "  #{inst.id} (#{inst.state.name})"
    print_good "    Creation Date:  #{inst.launch_time}"
    print_good "    Public IP:      #{inst.public_ip_address} (#{inst.public_dns_name})"
    print_good "    Private IP:     #{inst.private_ip_address} (#{inst.private_dns_name})"
        Severity: Major
        Found in modules/auxiliary/cloud/aws/enum_ec2.rb - About 2 hrs to fix

          Method bruteforce has 55 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def bruteforce(uri,user,pass,cli)
    begin
      path = "sap/bc/gui/sap/its/webgui/"
      cookie = "Active=true; sap-usercontext=sap-language=EN&sap-client=#{cli}"
      res = send_request_cgi({
          Severity: Major
          Found in modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb - About 2 hrs to fix

            Method run_host has 55 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def run_host(ip)
    begin
      uri = normalize_uri(target_uri.path)
      res = send_request_cgi({
        'uri'     => uri,
            Severity: Major
            Found in modules/auxiliary/scanner/http/tomcat_mgr_login.rb - About 2 hrs to fix

              Method run_detections has 55 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run_detections(ip, port)
    print_status("#{ip}:#{port} being checked")

    final_ipnet_score        = 0
    final_vxworks_score      = 0
              Severity: Major
              Found in modules/auxiliary/scanner/vxworks/urgent11_check.rb - About 2 hrs to fix

                Method run_host has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run_host(ip)
    begin
      if session
        sql_conn = session.client
        version = sql_conn.server_info
                Severity: Major
                Found in modules/auxiliary/scanner/mysql/mysql_version.rb - About 2 hrs to fix

                  Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Linux Command Shell, Find Port Inline',
      'Description'   => 'Spawn a shell on an established connection',
      'Author'        => 'mak',
                  Severity: Major
                  Found in modules/payloads/singles/linux/x64/shell_find_port.rb - About 2 hrs to fix

                    Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Safari User-Assisted Download and Run Attack',
      'Description'    => %q{
        This module abuses some Safari functionality to force the download of a
                    Severity: Major
                    Found in modules/exploits/osx/browser/safari_user_assisted_download_launch.rb - About 2 hrs to fix

                      Method create_fedora_rop has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def create_fedora_rop(sys_execv_args)
    # Gadgets tincd
    loc_dot_data = 0x80692e0 # a location inside .data
    pop_eax = [0x8065969].pack('V') # pop eax; ret
    pop_ebx = [0x8049d8d].pack('V') # pop ebx; ret
                      Severity: Major
                      Found in modules/exploits/multi/vpn/tincd_bof.rb - About 2 hrs to fix

                        Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(update_info(info,
      'Name' => 'CUPS Filter Bash Environment Variable Code Injection (Shellshock)',
      'Description' => %q{
        This module exploits the Shellshock vulnerability, a flaw in how the Bash shell
                        Severity: Major
                        Found in modules/exploits/multi/http/cups_bash_env_exec.rb - About 2 hrs to fix

                          Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Wordpress LiteSpeed Cache plugin cookie theft',
                          Severity: Major
                          Found in modules/exploits/multi/http/wp_litespeed_cookie_theft.rb - About 2 hrs to fix

                            Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution',
      'Description'    => %q{
          This module can be used to execute a payload on MoveableType (MT) that
                            Severity: Major
                            Found in modules/exploits/multi/http/movabletype_upgrade_exec.rb - About 2 hrs to fix

                              Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache RocketMQ update config RCE',
                              Severity: Major
                              Found in modules/exploits/multi/http/apache_rocketmq_update_config.rb - About 2 hrs to fix

                                Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Atlassian Confluence SSTI Injection',
                                Severity: Major
                                Found in modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb - About 2 hrs to fix

                                  Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'pgAdmin Session Deserialization RCE',
                                  Severity: Major
                                  Found in modules/exploits/multi/http/pgadmin_session_deserialization.rb - About 2 hrs to fix

                                    Method exploit has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def exploit
    @uri = target_uri
    @uri.path = normalize_uri(@uri.path)
    res = send_request_raw({'uri' => "#{@uri.path}listDatabases"})
    if res && res.code == 200 && res.body.length > 0
                                    Severity: Major
                                    Found in modules/exploits/multi/http/orientdb_exec.rb - About 2 hrs to fix

                                      Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(update_info(info,
      'Name'        => 'SonicWALL GMS 6 Arbitrary File Upload',
      'Description' => %q{
          This module exploits a code execution flaw in SonicWALL GMS. It exploits two
                                      Severity: Major
                                      Found in modules/exploits/multi/http/sonicwall_gms_upload.rb - About 2 hrs to fix

                                        Method initialize has 55 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize( info = {} )
    super( update_info( info,
      'Name'          => 'Java Applet Rhino Script Engine Remote Code Execution',
      'Description'   => %q{
          This module exploits a vulnerability in the Rhino Script Engine that
                                        Severity: Major
                                        Found in modules/exploits/multi/browser/java_rhino.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language