Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method run_host has 52 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(target_host)
    begin
      if datastore['PASSWORD'].empty?
        password = Rex::Text::rand_text_alphanumeric(16)
      else
Severity: Major
Found in modules/auxiliary/scanner/vnc/ard_root_pw.rb - About 2 hrs to fix

    Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Generic HTTP Directory Traversal Utility',
      'Description'    => %q{
          This module allows you to test if a web server (or web application) is
    Severity: Major
    Found in modules/auxiliary/scanner/http/http_traversal.rb - About 2 hrs to fix

      Method access_configuration has 52 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def access_configuration

    data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n"
    data << "<wsns0:Envelope" + "\r\n"
    data << "xmlns:wsns1='http://www.w3.org/2001/XMLSchema-instance'" + "\r\n"
      Severity: Major
      Found in modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb - About 2 hrs to fix

        Method run_host has 52 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run_host(ip)
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'api')
    })
        Severity: Major
        Found in modules/auxiliary/scanner/http/jupyter_login.rb - About 2 hrs to fix

          Method do_login has 52 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def do_login(user, pass)
    vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}")

    # some versions require we snag a CSRF token. So visit the logon portal
    res = send_request_cgi('method' => 'GET', 'uri' => normalize_uri('/+CSCOE+/logon.html'))
          Severity: Major
          Found in modules/auxiliary/scanner/http/cisco_asa_clientless_vpn.rb - About 2 hrs to fix

            Method do_fuzz_headers has 52 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def do_fuzz_headers(form,headers)
    headercnt = 0
    datastr = ""
    form[:fields].each do | thisfield |
      normaldata = "blah&"
            Severity: Major
            Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 hrs to fix

              Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
    super(
      update_info(
        info,
        'Name'        => 'pfSense authenticated group member RCE',
              Severity: Major
              Found in modules/exploits/unix/http/pfsense_group_member_exec.rb - About 2 hrs to fix

                Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Dhclient Bash Environment Variable Injection (Shellshock)',
      'Description'    => %q|
        This module exploits the Shellshock vulnerability, a flaw in how the Bash shell
                Severity: Major
                Found in modules/exploits/unix/dhcp/bash_environment.rb - About 2 hrs to fix

                  Method exploit has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def exploit
    # Automatic Targeting
    mytarget = nil
    banner, version, alert = detect_version(target_uri.path)
    if (target['auto'])
                  Severity: Major
                  Found in modules/exploits/unix/webapp/nagios3_history_cgi.rb - About 2 hrs to fix

                    Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Invision IP.Board unserialize() PHP Code Execution',
                    Severity: Major
                    Found in modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb - About 2 hrs to fix

                      Method login has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def login(user, pass)
    print_status("#{peer} - Authenticating with OpenMediaVault using credentials #{user}:#{pass}")
    # try the login options for all OpenMediaVault versions
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'rpc.php'),
                      Severity: Major
                      Found in modules/exploits/unix/webapp/openmediavault_auth_cron_rce.rb - About 2 hrs to fix

                        Method exec_php has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def exec_php(php_code)
    print_status('Retrieving session cookie')

    res = send_request_cgi({
      'method' => 'GET',
                        Severity: Major
                        Found in modules/exploits/unix/webapp/opensis_chain_exec.rb - About 2 hrs to fix

                          Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'OpenMediaVault rpc.php Authenticated PHP Code Injection',
                          Severity: Major
                          Found in modules/exploits/unix/webapp/openmediavault_rpc_rce.rb - About 2 hrs to fix

                            Method exploit has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def exploit

    exts = ['jpg']

    gext = exts[rand(exts.length)]
                            Severity: Major
                            Found in modules/exploits/osx/email/mailapp_image_exec.rb - About 2 hrs to fix

                              Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info={})
    super(update_info(info,
      'Name'           => "Apple Safari file:// Arbitrary Code Execution",
      'Description'    => %q{
          This module exploits a vulnerability found in Apple Safari on OS X platform.
                              Severity: Major
                              Found in modules/exploits/osx/browser/safari_file_policy.rb - About 2 hrs to fix

                                Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Tomcat RCE via JSP Upload Bypass',
                                Severity: Major
                                Found in modules/exploits/multi/http/tomcat_jsp_upload_bypass.rb - About 2 hrs to fix

                                  Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'JetBrains TeamCity Unauthenticated Remote Code Execution',
                                  Severity: Major
                                  Found in modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2023_42793.rb - About 2 hrs to fix

                                    Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE',
                                    Severity: Major
                                    Found in modules/exploits/multi/http/atlassian_crowd_pdkinstall_plugin_upload_rce.rb - About 2 hrs to fix

                                      Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Moodle Authenticated Spelling Binary RCE',
                                      Severity: Major
                                      Found in modules/exploits/multi/http/moodle_spelling_binary_rce.rb - About 2 hrs to fix

                                        Method exploit has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def exploit
    # Get node_id for requests
    node_id = get_node
    fail_with(Failure::Unknown, 'Could not get a valid node id for the vBulletin install.') unless node_id
                                        Severity: Major
                                        Found in modules/exploits/multi/http/vbulletin_getindexablecontent.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language