rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method get_environment has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_environment(rhost)
    print_status("#{rhost}:#{rport} [SAP] Connecting to SAP Management Console SOAP Interface ")
    success = false

    soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
Severity: Major
Found in modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb - About 2 hrs to fix

Method accessfile has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def accessfile(rhost)
    uri = normalize_uri(target_uri.path)
    print_status("#{rhost}:#{rport} Connecting to Crowd SOAP Interface")

    soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
Severity: Major
Found in modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb - About 2 hrs to fix

Method do_login has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def do_login(user, pass)
    print_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")
    begin

      res = send_request_cgi(
Severity: Major
Found in modules/auxiliary/scanner/http/binom3_login_config_pass_dump.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize
    super(
      'Name'           => 'OpenSSL Heartbeat (Heartbleed) Information Leak',
      'Description'    => %q{
        This module implements the OpenSSL Heartbleed attack. The problem
Severity: Major
Found in modules/auxiliary/scanner/ssl/openssl_heartbleed.rb - About 2 hrs to fix

Method run_host has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    # If we have a session make use of it
    if session
      print_status("Using existing session #{session.sid}")
      self.mysql_conn = session.client
Severity: Major
Found in modules/auxiliary/scanner/mysql/mysql_hashdump.rb - About 2 hrs to fix

Method run has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    init_fuzzdata()
    init_vars()

    print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']}")
Severity: Major
Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 hrs to fix

Method check has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def check
    # obtain token and cookie required for login
    res = send_request_cgi 'uri' => normalize_uri(target_uri.path, 'bolt', 'login')

    return CheckCode::Unknown('Connection failed') unless res
Severity: Major
Found in modules/exploits/unix/webapp/bolt_authenticated_rce.rb - About 2 hrs to fix

Method exploit has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    base = target_uri.path
    base << '/' if base[-1, 1] != '/'

    @fname = rand_text_alphanumeric(rand(10) + 6) + '.php'
Severity: Major
Found in modules/exploits/multi/http/extplorer_upload_exec.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ManageEngine ADSelfService Plus Unauthenticated SAML RCE',

Method execute_command has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    if target['Type'] == :windows_dropper
      cmd = "cmd /c #{cmd}"
    end
    cmd = cmd.encode(xml: :attr).gsub('"', '')

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'               => 'Jenkins ACL Bypass and Metaprogramming RCE',
      'Description'        => %q{
        This module exploits a vulnerability in Jenkins dynamic routing to
Severity: Major
Found in modules/exploits/multi/http/jenkins_metaprogramming.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache Struts Remote Command Execution',
Severity: Major
Found in modules/exploits/multi/http/struts_code_exec_exception_delegator.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Java RMI Server Insecure Default Configuration Java Code Execution',
      'Description'    => %q{
          This module takes advantage of the default configuration of the RMI Registry and
Severity: Major
Found in modules/exploits/multi/misc/java_rmi_server.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'LNK Code Execution Vulnerability',
Severity: Major
Found in modules/exploits/windows/local/cve_2017_8464_lnk_lpe.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Advantech iView Unauthenticated Remote Code Execution',
Severity: Major
Found in modules/exploits/windows/http/advantech_iview_unauth_rce.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'DotNetNuke Cookie Deserialization Remote Code Excecution',
Severity: Major
Found in modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'FlexNet License Server Manager lmgrd Buffer Overflow',
      'Description'    => %q{
          This module exploits a vulnerability in the FlexNet
Severity: Major
Found in modules/exploits/windows/license/flexnet_lmgrd_bof.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption",
      'Description'    => %q{
          This module exploits a memory corruption flaw in Internet Explorer 8 when
Severity: Major
Found in modules/exploits/windows/browser/ms12_037_same_id.rb - About 2 hrs to fix

Method on_request_uri has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    #Pick the right target
    my_target = get_target(cli, request)
    if my_target.nil?
      vprint_error("Target not supported")
Severity: Major
Found in modules/exploits/windows/browser/vlc_mms_bof.rb - About 2 hrs to fix

Method initialize has 71 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "MS14-064 Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution",
      'Description'    => %q{
        This module exploits the Windows OLE Automation array vulnerability, CVE-2014-6332.
Severity: Major
Found in modules/exploits/windows/browser/ms14_064_ole_code_execution.rb - About 2 hrs to fix