rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => '3Com 3CDaemon 2.0 FTP Username Overflow',
      'Description'    => %q{
          This module exploits a vulnerability in the 3Com 3CDaemon
Severity: Major
Found in modules/exploits/windows/ftp/3cdaemon_ftp_user.rb - About 3 hrs to fix

Method on_request_uri has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    # Set target manually or automatically
    my_target = target
    if my_target.name == 'Automatic'
Severity: Major
Found in modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb - About 3 hrs to fix

Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Klog Server authenticate.php user Unauthenticated Command Injection',

Method execute_command has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def execute_command(cmd)
    name_v = Rex::Text.rand_text_alphanumeric(16)
    unique_id_v = Rex::Text.rand_text_alphanumeric(16)

    body = {
Severity: Major
Found in modules/exploits/linux/http/traccar_rce_upload.rb - About 3 hrs to fix

Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Western Digital MyCloud unauthenticated command injection',

Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'MagnusBilling application unauthenticated Remote Command Execution.',

Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution',
Severity: Major
Found in modules/exploits/linux/http/terramaster_unauth_rce_cve_2020_35665.rb - About 3 hrs to fix

Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Chamilo unauthenticated command injection in PowerPoint upload',
Severity: Major
Found in modules/exploits/linux/http/chamilo_unauth_rce_cve_2023_34960.rb - About 3 hrs to fix

Method run has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    devname = datastore['DEVICE']
    base_filename = datastore['OUTFILE']
    split = datastore['SPLIT']
    block_size = datastore['BLOCKSIZE']
Severity: Major
Found in modules/post/windows/gather/forensics/imager.rb - About 3 hrs to fix

Method cmd_threads has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def cmd_threads(*args)
    # Make the default behavior listing all jobs if there were no options
    # or the only option is the verbose flag
    if (args.length == 0 or args == ["-v"])
      args.unshift("-l")
Severity: Major
Found in lib/msf/ui/console/command_dispatcher/core.rb - About 3 hrs to fix

Method cmd_klist has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def cmd_klist(*args)
    return unless active?

    entries_affected = 0
    mode = :list
Severity: Major
Found in lib/msf/ui/console/command_dispatcher/db/klist.rb - About 3 hrs to fix

Method recv_unirpc_message has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

        def recv_unirpc_message(sock, first_result_is_status: false)
          # Receive the header
          header = sock.get_once(0x18)

          # Make sure we received all of it
Severity: Major
Found in lib/msf/core/exploit/remote/unirpc.rb - About 3 hrs to fix

Method report_ntlm_type3 has 82 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def report_ntlm_type3(address:, ntlm_type1:, ntlm_type2:, ntlm_type3:)
    ntlm_message = ntlm_type3
    hash_type = nil

    user = ntlm_message.user.force_encoding(::Encoding::UTF_16LE).encode(''.encoding)
Severity: Major
Found in lib/msf/core/exploit/remote/smb/server/hash_capture.rb - About 3 hrs to fix

Method cmd_wmap_sites has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

      def cmd_wmap_sites(*args)
        args.push('-h') if args.empty?

        while (arg = args.shift)
          case arg
Severity: Major
Found in plugins/wmap.rb - About 3 hrs to fix

Method run has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    vprint_status("#{peer} - Checking build info")
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'api', 'v1', 'status', 'buildinfo'),
      'method' => 'GET'
Severity: Major
Found in modules/auxiliary/gather/prometheus_api_gather.rb - About 3 hrs to fix

Method run_host has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run_host(ip)
      if datastore['SUBDOM_LIST'] and ::File.file?(datastore['SUBDOM_LIST'])
        valstr = IO.readlines(datastore['SUBDOM_LIST']).map {
          |e| e.gsub(".#{datastore['DOMAIN']}", "").chomp
        }
Severity: Major
Found in modules/auxiliary/scanner/http/vhost_scanner.rb - About 3 hrs to fix

Method initialize has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Bind TCP Stager',
      'Description'   => 'Listen for a connection',
      'Author'        => 'hdm',
Severity: Major
Found in modules/payloads/stagers/osx/armle/bind_tcp.rb - About 3 hrs to fix

Method initialize has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HorizontCMS Arbitrary PHP File Upload',
Severity: Major
Found in modules/exploits/multi/http/horizontcms_upload_exec.rb - About 3 hrs to fix

Method create_pod has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def create_pod
    if datastore['PodImage'].blank?
      image_names = @kubernetes_client.list_pods(namespace).fetch(:items, []).flat_map { |pod| pod.dig(:spec, :containers).map { |container| container[:image] } }.uniq
      fail_with(Failure::NotFound, 'An image could not be found from which to create a pod, set the PodImage option') if image_names.empty?
    else
Severity: Major
Found in modules/exploits/multi/kubernetes/exec.rb - About 3 hrs to fix

Method initialize has 81 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize( info = {} )
    super( update_info( info,
      'Name'          => 'Java Signed Applet Social Engineering Code Execution',
      'Description'   => %q{
          This exploit dynamically creates a .jar file via the
Severity: Major
Found in modules/exploits/multi/browser/java_signed_applet.rb - About 3 hrs to fix