rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ProFTPD 1.3.5 Mod_Copy Command Execution',
Severity: Major
Found in modules/exploits/unix/ftp/proftpd_modcopy_exec.rb - About 2 hrs to fix

Method exploit has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    base = target_uri.path
    base << '/' if base[-1, 1] != '/'
    @upload_php = rand_text_alpha(rand(4) + 4) + ".php"
Severity: Major
Found in modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SugarCRM unserialize() PHP Code Execution',
Severity: Major
Found in modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'ActiveMQ web shell upload',
      'Description' => %q(
        The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0
Severity: Major
Found in modules/exploits/multi/http/apache_activemq_upload_jsp.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Atlassian HipChat for Jira Plugin Velocity Template Injection",
      'Description'    => %q{
        Atlassian Hipchat is a web service for internal instant messaging. A plugin is available
Severity: Major
Found in modules/exploits/multi/http/jira_hipchat_template.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Jenkins-CI Script-Console Java Execution',
Severity: Major
Found in modules/exploits/multi/http/jenkins_script_console.rb - About 2 hrs to fix

Method exploit has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    #initialise some base vars
    @inject = "${#_memberAccess[\"allowStaticMethodAccess\"]=true,CMD}"
    @java_upload_part_cmd = "#f=new java.io.FileOutputStream('FILENAME',APPEND),#f.write(new sun.misc.BASE64Decoder().decodeBuffer('BUFFER')), #f.close()"
    #Set up generic values.
Severity: Major
Found in modules/exploits/multi/http/struts_include_params.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Novell ZENworks Configuration Management Remote Execution',
      'Description' => %q{
          This module exploits a code execution flaw in Novell ZENworks Configuration
Severity: Major
Found in modules/exploits/multi/http/zenworks_control_center_upload.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP)',
      'Description'     => %q{
        This module logs in to an Axis2 Web Admin Module instance using a specific user/pass
Severity: Major
Found in modules/exploits/multi/http/axis2_deployer.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Malicious Git HTTP Server For CVE-2017-1000117',
Severity: Major
Found in modules/exploits/multi/http/git_submodule_command_exec.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize( info = {} )
    super( update_info( info,
      'Name'          => 'Java storeImageArray() Invalid Array Indexing Vulnerability',
      'Description'   => %q{
        This module abuses an Invalid Array Indexing Vulnerability on the
Severity: Major
Found in modules/exploits/multi/browser/java_storeimagearray.rb - About 2 hrs to fix

Method build_t3_request_object has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def build_t3_request_object
    # data block is from EDB PoC
    data = '000005c3016501ffffffffffffffff0000006a0000ea600000001900937b484a'
    data << '56fa4a777666f581daa4f5b90e2aebfc607499b4027973720078720178720278'
    data << '700000000a000000030000000000000006007070707070700000000a00000003'
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize.rb - About 2 hrs to fix

Method execute_command has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    uri = target_uri.path
    service_name = Rex::Text.rand_text_alpha(5..10)
    print_status("Creating service '#{service_name}'")
Severity: Major
Found in modules/exploits/multi/misc/consul_service_exec.rb - About 2 hrs to fix

Method exploit has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    if (target.name =~ /Unix/)
      connect

      poof =
Severity: Major
Found in modules/exploits/multi/misc/openview_omniback_exec.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Ghostscript Command Execution via Format String',

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'PHP IRC Bot pbot eval() Remote Code Execution',
      'Description'    => %q{
          This module allows remote command execution on the PHP IRC bot pbot by abusing
Severity: Major
Found in modules/exploits/multi/misc/pbot_exec.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        {
Severity: Major
Found in modules/exploits/android/local/binder_uaf.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'         => 'Sielco Sistemi Winlog Buffer Overflow 2.07.14 - 2.07.16',
      'Description'  => %q{
        This module exploits a buffer overflow in Sielco Sistem Winlog <= 2.07.16.
Severity: Major
Found in modules/exploits/windows/scada/winlog_runtime_2.rb - About 2 hrs to fix

Method exploit has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    @registry_key = ''
    check_permissions!
    case get_uac_level
    when UAC_PROMPT_CREDS_IF_SECURE_DESKTOP,
Severity: Major
Found in modules/exploits/windows/local/bypassuac_windows_store_reg.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        {
Severity: Major
Found in modules/exploits/windows/local/ms16_075_reflection.rb - About 2 hrs to fix