Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method exploit has 54 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit

    if target.name =~ /Windows 7/ # Plus Windows Vista

      virtualprotect =
Severity: Major
Found in modules/exploits/windows/fileformat/ibm_pcm_ws.rb - About 2 hrs to fix

    Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Anviz CrossChex Buffer Overflow',
    Severity: Major
    Found in modules/exploits/windows/misc/crosschex_device_bof.rb - About 2 hrs to fix

      Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(update_info(info,
      'Name' => 'Mini-Stream 3.0.1.1 Buffer Overflow',
      'Description' => %q{
          This module exploits a stack buffer overflow in Mini-Stream 3.0.1.1
      Severity: Major
      Found in modules/exploits/windows/misc/mini_stream.rb - About 2 hrs to fix

        Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)',
        Severity: Major
        Found in modules/exploits/linux/local/glibc_tunables_priv_esc.rb - About 2 hrs to fix

          Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Linux Kernel Sendpage Local Privilege Escalation',
      'Description'    => %q{
        The Linux kernel failed to properly initialize some entries in the
          Severity: Major
          Found in modules/exploits/linux/local/sock_sendpage.rb - About 2 hrs to fix

            Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Ivanti Connect Secure Unauthenticated Remote Code Execution',
            Severity: Major
            Found in modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb - About 2 hrs to fix

              Method exploit has 54 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit
    print_status('Encoding the payload as a .jsp file')
    payload = Msf::Util::EXE.to_jsp(generate_payload_exe)

    # Create a file
              Severity: Major
              Found in modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb - About 2 hrs to fix

                Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Micro Focus Operations Bridge Reporter Unauthenticated Command Injection',
                Severity: Major
                Found in modules/exploits/linux/http/microfocus_obr_cmd_injection.rb - About 2 hrs to fix

                  Method execute_command has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def execute_command(cmd, _opts = {})
    if !@nsp || !@auth_cookies # Check to see if we already authenticated during the check
      auth_result, err_msg, @auth_cookies, @version, @nsp = authenticate(username, password, finish_install, true, true, true)
      case auth_result
      when AUTH_RESULTS[:connection_failed]
                  Severity: Major
                  Found in modules/exploits/linux/http/nagios_xi_configwizards_authenticated_rce.rb - About 2 hrs to fix

                    Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Ray Agent Job RCE',
                    Severity: Major
                    Found in modules/exploits/linux/http/ray_agent_job_rce.rb - About 2 hrs to fix

                      Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Linksys E1500/E2500 apply.cgi Remote Command Injection',
      'Description' => %q{
          Some Linksys Routers are vulnerable to an authenticated OS command injection.
                      Severity: Major
                      Found in modules/exploits/linux/http/linksys_e1500_apply_exec.rb - About 2 hrs to fix

                        Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Linksys E-Series TheMoon Remote Command Injection',
      'Description' => %q{
        Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
                        Severity: Major
                        Found in modules/exploits/linux/http/linksys_themoon_exec.rb - About 2 hrs to fix

                          Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info={})
    super(update_info(info,
      'Name'           => "Openfiler v2.x NetworkCard Command Execution",
      'Description'    => %q{
        This module exploits a vulnerability in Openfiler v2.x
                          Severity: Major
                          Found in modules/exploits/linux/http/openfiler_networkcard_exec.rb - About 2 hrs to fix

                            Method exploit has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def exploit
    # first we authenticate
    @cookie = rand_text_alpha_lower(7)

    res = send_request_cgi({
                            Severity: Major
                            Found in modules/exploits/linux/http/trueonline_p660hn_v2_rce.rb - About 2 hrs to fix

                              Method run has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run
    # Get device prompt
    prompt = session.shell_command('')

    # Set terminal length to 0 so no paging is required
                              Severity: Major
                              Found in modules/post/networking/gather/enum_cisco.rb - About 2 hrs to fix

                                Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather Firefox Signon Credential Collection',
                                Severity: Major
                                Found in modules/post/multi/gather/firefox_creds.rb - About 2 hrs to fix

                                  Method run has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def run
    fail_with(Failure::BadConfig, 'Invalid session ID selected.') if client.nil?
    fail_with(Failure::BadConfig, 'Invalid action') if action.nil?

    num_chunks = (datastore['RECORD_LEN'].to_f / datastore['SYNC_WAIT'].to_f).ceil
                                  Severity: Major
                                  Found in modules/post/osx/manage/record_mic.rb - About 2 hrs to fix

                                    Method handle_response has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def handle_response(cli, request_uri)
    uripath = get_resource.chomp('/')

    # Convert http://127.0.0.1/URIPATH/file/ -> /file
    if request_uri != uripath && request_uri.starts_with?(uripath)
                                    Severity: Major
                                    Found in modules/post/multi/manage/fileshare.rb - About 2 hrs to fix

                                      Method initialize has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Exchange Server Mailboxes',
                                      Severity: Major
                                      Found in modules/post/windows/gather/exchange.rb - About 2 hrs to fix

                                        Method decrypt_vom_db has 54 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def decrypt_vom_db(csv_dataset)
    current_row = 0
    decrypted_rows = 0
    plaintext_rows = 0
    blank_rows = 0
                                        Severity: Major
                                        Found in modules/post/windows/gather/credentials/veeam_credential_dump.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language