rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method check has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def check
    sys_info = get_sysinfo

    # Check the app is installed and the version
    if sys_info[:distro] == 'ubuntu' || sys_info[:distro] == 'debian'
Severity: Major
Found in modules/exploits/linux/local/sudoedit_bypass_priv_esc.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Symantec Web Gateway 5 restore.php Post Authentication Command Injection",
      'Description'    => %q{
          This module exploits a command injection vulnerability found in Symantec Web
Severity: Major
Found in modules/exploits/linux/http/symantec_web_gateway_restore.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        {
Severity: Major
Found in modules/exploits/linux/local/vmware_mount.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'WeBid converter.php Remote PHP Code Injection',
Severity: Major
Found in modules/exploits/linux/http/webid_converter.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload',
Severity: Major
Found in modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb - About 2 hrs to fix

Method exploit has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
    unless @config
      res = get_configuration
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200
Severity: Major
Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Kibana Timelion Prototype Pollution RCE',

Method payload2 has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def payload2
    rand_cmd1 = Rex::Text.rand_text_alpha_lower(4..12)
    rand_cmd2 = Rex::Text.rand_text_alpha_lower(4..12)
    rand_db = Rex::Text.rand_text_alpha_lower(4..12)
    rand_doc = Rex::Text.rand_text_alpha_lower(4..12)
Severity: Major
Found in modules/exploits/linux/http/apache_couchdb_cmd_exec.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Kloxo SQL Injection and Remote Code Execution',
      'Description'    => %q{
        This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as
Severity: Major
Found in modules/exploits/linux/http/kloxo_sqli.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Nagios XI Chained Remote Code Execution',
      'Description'    => %q{
        This module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access.

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'               => 'HP VAN SDN Controller Root Command Injection',
      'Description'        => %q{
        This module exploits a hardcoded service token or default credentials
Severity: Major
Found in modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF',
      'Description'    => %q{
        This module exploits an XML external entity vulnerability and a
Severity: Major
Found in modules/exploits/linux/http/zimbra_xxe_rce.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Fritz!Box Webcm Unauthenticated Command Injection',
      'Description' => %q{
        Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection.
Severity: Major
Found in modules/exploits/linux/http/fritzbox_echo_exec.rb - About 2 hrs to fix

Method enum_configs has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def enum_configs(prompt)
    host = session.session_host
    port = session.session_port
    # https://support.f5.com/csp/article/K26582310
    exec_commands = [
Severity: Major
Found in modules/post/networking/gather/enum_f5.rb - About 2 hrs to fix

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Accellion FTA MPIPE2 Command Execution',
      'Description'    => %q{
          This module exploits a chain of vulnerabilities in the Accellion
Severity: Major
Found in modules/exploits/linux/misc/accellion_fta_mpipe2.rb - About 2 hrs to fix

Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    iprange = datastore['RHOSTS']
    print_status("Performing ping sweep for IP range #{iprange}")
    iplst = []
    begin
Severity: Major
Found in modules/post/multi/gather/ping_sweep.rb - About 2 hrs to fix

Method print_result has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def print_result(result: nil)
    return unless result

    process_info = "#{result[:process]['name']} (pid: #{result[:process]['pid']})"
    unless result[:status] == :success
Severity: Major
Found in modules/post/multi/gather/memory_search.rb - About 2 hrs to fix

Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    unless (datastore['DISCLAIMER'] == true)
      print_error('This module will delete HSTS data from all browsers on the target. You must set the DISCLAIMER option to True to acknowledge that you understand this warning.')
      return
    end
Severity: Major
Found in modules/post/multi/manage/hsts_eraser.rb - About 2 hrs to fix

Method init_thycotic_db has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def init_thycotic_db(ss_web_path)
    print_status('Decrypt database.config ...')
    ss_db_config_file = ss_web_path + 'database.config'
    vprint_status('Database configuration file path:')
    vprint_status("\t#{ss_db_config_file}")
Severity: Major
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 2 hrs to fix

Method cmd_window_enum has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def cmd_window_enum(*args)
    parent_window = nil
    include_unknown = false
    window_class_name = nil