Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Apache Struts ClassLoader Manipulation Remote Code Execution',
      'Description'    => %q{
        This module exploits a remote command execution vulnerability in Apache Struts versions
Severity: Major
Found in modules/exploits/multi/http/struts_code_exec_classloader.rb - About 2 hrs to fix

    Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache 2.4.49/2.4.50 Traversal RCE',
    Severity: Major
    Found in modules/exploits/multi/http/apache_normalize_path_rce.rb - About 2 hrs to fix

      Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft Exchange ProxyNotShell RCE',
      Severity: Major
      Found in modules/exploits/windows/http/exchange_proxynotshell_rce.rb - About 2 hrs to fix

        Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info={})
    super(update_info(info,
      'Name'        => "HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow",
      'Description' => %q{
          This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53.
        Severity: Major
        Found in modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb - About 2 hrs to fix

          Method drop_and_execute_payload has 72 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def drop_and_execute_payload
    bdcm_data = "<?xml version=\"1.0\" encoding=\"utf-8\"?>
<Model
  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
  xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" Name=\"BDCMetadata\"
          Severity: Major
          Found in modules/exploits/windows/http/sharepoint_dynamic_proxy_generator_auth_bypass_rce.rb - About 2 hrs to fix

            Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super( update_info(info,
      'Name'           => 'TeeChart Professional ActiveX Control Trusted Integer Dereference',
      'Description'    => %q{
          This module exploits an integer overflow in TeeChart Pro ActiveX control. When
            Severity: Major
            Found in modules/exploits/windows/browser/teechart_pro.rb - About 2 hrs to fix

              Method make_pdf has 72 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def make_pdf(js)
    xref = []
    eol = "\n"
    endobj = "endobj" << eol
              Severity: Major
              Found in modules/exploits/windows/browser/adobe_toolbutton.rb - About 2 hrs to fix

                Method exploit has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def exploit
    # In order to save binary data to the file system the payload is written to a .vbs
    # file and execute it from there.
    @payload_name = rand_text_alpha(4)
    @temp_folder  = "/Windows/Temp"
                Severity: Major
                Found in modules/exploits/windows/fileformat/nitro_reader_jsapi.rb - About 2 hrs to fix

                  Method make_pdf has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def make_pdf(js)
    xref = []
    eol = "\n"
    endobj = "endobj" << eol
                  Severity: Major
                  Found in modules/exploits/windows/fileformat/adobe_toolbutton.rb - About 2 hrs to fix

                    Method exploit has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit

    connect(versions: [1])
    login_time = Time.now
    smb_login()
                    Severity: Major
                    Found in modules/exploits/windows/smb/ms10_061_spoolss.rb - About 2 hrs to fix

                      Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Sudo Heap-Based Buffer Overflow',
                      Severity: Major
                      Found in modules/exploits/linux/local/sudo_baron_samedit.rb - About 2 hrs to fix

                        Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Libuser roothelper Privilege Escalation',
                        Severity: Major
                        Found in modules/exploits/linux/local/libuser_roothelper_priv_esc.rb - About 2 hrs to fix

                          Method exploit has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def exploit
    check_status = check

    if check_status == CheckCode::Appears
      print_good 'The target appears to be vulnerable'
                          Severity: Major
                          Found in modules/exploits/linux/local/glibc_ld_audit_dso_load_priv_esc.rb - About 2 hrs to fix

                            Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'VMware vCenter Server Virtual SAN Health Check Plugin RCE',
                            Severity: Major
                            Found in modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb - About 2 hrs to fix

                              Method grab_config has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def grab_config(user,pass)
    print_status("#{rhost}:#{rport} - Trying to download the original configuration")
    begin
      res = send_request_cgi({
        'uri'     => '/index.asp',
                              Severity: Major
                              Found in modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb - About 2 hrs to fix

                                Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE',
                                Severity: Major
                                Found in modules/exploits/linux/http/vmware_vrni_rce_cve_2023_20887.rb - About 2 hrs to fix

                                  Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Optergy Proton and Enterprise BMS Command Injection using a backdoor',
                                  Severity: Major
                                  Found in modules/exploits/linux/http/optergy_bms_backdoor_rce_cve_2019_7276.rb - About 2 hrs to fix

                                    Method initialize has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Mida Solutions eFramework ajaxreq.php Command Injection',
                                    Severity: Major
                                    Found in modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb - About 2 hrs to fix

                                      Method exploit has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def exploit
    if (datastore['SRVHOST'] == '0.0.0.0') || (datastore['SRVHOST'] == '::')
      fail_with(Failure::Unreachable, "#{peer} - Please specify the LAN IP address of this computer in SRVHOST")
    end
                                      Severity: Major
                                      Found in modules/exploits/linux/misc/tplink_archer_a7_c7_lan_rce.rb - About 2 hrs to fix

                                        Method exploit has 72 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def exploit
    uuid = SecureRandom.uuid

    ldap_port = datastore["SRVPORT"]
    ldap_host = datastore["SRVHOST"]
                                        Severity: Major
                                        Found in modules/exploits/linux/misc/jenkins_ldap_deserialize.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language