rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(_info = {})
    super(
      'Name' => 'UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)',
      'Description' => %q{
        The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell
Severity: Major
Found in modules/exploits/multi/http/ubiquiti_unifi_log4shell.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Adobe ColdFusion RDS Authentication Bypass',
      'Description'     => %q{
        Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote
Severity: Major
Found in modules/exploits/multi/http/coldfusion_rds_auth_bypass.rb - About 2 hrs to fix

Method exploit has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    @attempted_login = false
    @uri = target_uri
    @uri.path = normalize_uri(@uri.path)
    @uri.path << '/' if @uri.path[-1, 1] != '/'
Severity: Major
Found in modules/exploits/multi/http/jenkins_script_console.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Mutiny Remote Command Execution',
      'Description'    => %q{
          This module exploits an authenticated command injection vulnerability in the
Severity: Major
Found in modules/exploits/multi/http/mutiny_subnetmask_exec.rb - About 2 hrs to fix

Method generate_html has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate_html(target_info,refer)
    injection = if target_info[:ua_ver].to_i == 15
      "Function.prototype.call.call(p.__defineGetter__,obj,key,runme);"
    else
      "p2.constructor.defineProperty(obj,key,{get:runme});"
Severity: Major
Found in modules/exploits/multi/browser/firefox_proto_crmfrequest.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Unauthenticated remote code execution in Ignition',
Severity: Major
Found in modules/exploits/multi/php/ignition_laravel_debug_rce.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize( info = {} )

    super( update_info( info,
      'Name'          => 'Java Applet ProviderSkeleton Insecure Invoke Method',
      'Description'   => %q{
Severity: Major
Found in modules/exploits/multi/browser/java_jre17_provider_skeleton.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Hashicorp Consul Remote Command Execution via Services API',
Severity: Major
Found in modules/exploits/multi/misc/consul_service_exec.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        {
Severity: Major
Found in modules/exploits/android/local/janus.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'FreeBSD Intel SYSRET Privilege Escalation',
Severity: Major
Found in modules/exploits/freebsd/local/intel_sysret_priv_esc.rb - About 2 hrs to fix

Method exploit has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    my_target = target
    if my_target.name == 'Automatic'
      print_status("Automatically detecting the target")
      connect
Severity: Major
Found in modules/exploits/windows/ftp/turboftp_port.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'QNX qconn Command Execution',
Severity: Major
Found in modules/exploits/qnx/qconn/qconn_exec.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        {
Severity: Major
Found in modules/exploits/windows/local/ppr_flatten_rec.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'PsExec via Current User Token',
Severity: Major
Found in modules/exploits/windows/local/current_user_psexec.rb - About 2 hrs to fix

Method exploit has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # did the operator specify a custom DLL? If not...
    if datastore['DLLPATH']
      # otherwise, just use their provided DLL and assume they compiled everything correctly
      # there is no way to check if it's compiled correctly anyway
Severity: Major
Found in modules/exploits/windows/http/softing_sis_rce.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'EasyFTP Server list.html path Stack Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11
Severity: Major
Found in modules/exploits/windows/http/easyftp_list.rb - About 2 hrs to fix

Method write_bat_file_to_disk has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def write_bat_file_to_disk(cmd)
    # Uses the HL7Sensor for writing a .bat file to the disk
    cmd = cmd.gsub! '\\', '\\\\\\'
    print_status('Writing .bat to disk')

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => "Honeywell Tema Remote Installer ActiveX Remote Code Execution",
Severity: Major
Found in modules/exploits/windows/browser/honeywell_tema_exec.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'PointDev IDEAL Migration Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack buffer overflow in versions v9.7
Severity: Major
Found in modules/exploits/windows/fileformat/ideal_migration_ipj.rb - About 2 hrs to fix

Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => "Microsoft Office Word Malicious Hta Execution",
      'Description'    => %q{
        This module creates a malicious RTF file that when opened in
Severity: Major
Found in modules/exploits/windows/fileformat/office_word_hta.rb - About 2 hrs to fix