Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'VICIdial Manager Send OS Command Injection',
      'Description' => %q{
          The file agc/manager_send.php in the VICIdial web application uses
Severity: Major
Found in modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb - About 2 hrs to fix

    Method exploit has 67 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
    uri = target_uri.path
    uri << '/' if uri[-1,1] != '/'
    plugins_uri = String.new(uri)
    plugins_uri << datastore['PLUGINSPATH']
    Severity: Major
    Found in modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb - About 2 hrs to fix

      Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'pfSense plugin pfBlockerNG unauthenticated RCE as root',
      Severity: Major
      Found in modules/exploits/unix/http/pfsense_pfblockerng_webshell.rb - About 2 hrs to fix

        Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ThinkPHP Multiple PHP Injection RCEs',
        Severity: Major
        Found in modules/exploits/unix/webapp/thinkphp_rce.rb - About 2 hrs to fix

          Method php_exploit has 67 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def php_exploit
    uris = []

    tpath = normalize_uri(datastore['PATH'])
    if tpath[-1,1] == '/'
          Severity: Major
          Found in modules/exploits/unix/webapp/php_include.rb - About 2 hrs to fix

            Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache NiFi API Remote Code Execution',
            Severity: Major
            Found in modules/exploits/multi/http/apache_nifi_processor_rce.rb - About 2 hrs to fix

              Method exploit has 67 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit
    token_uri = "/app/rest/users/id:#{datastore['TEAMCITY_ADMIN_ID']}/tokens/RPC2"

    res = send_request_cgi(
      'method' => 'POST',
              Severity: Major
              Found in modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2023_42793.rb - About 2 hrs to fix

                Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Zabbix Authenticated Remote Command Execution',
                Severity: Major
                Found in modules/exploits/multi/http/zabbix_script_exec.rb - About 2 hrs to fix

                  Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution',
                  Severity: Major
                  Found in modules/exploits/multi/http/microfocus_ucmdb_unauth_deser.rb - About 2 hrs to fix

                    Method execute_command_cve_2023_43208 has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def execute_command_cve_2023_43208(cmd, _opts = {})
    if target['Platform'] == 'win'
      cmd = "cmd.exe /c \"#{cmd}\""
    else
      # see: https://codewhitesec.blogspot.com/2015/03/sh-or-getting-shell-environment-from.html
                    Severity: Major
                    Found in modules/exploits/multi/http/mirth_connect_cve_2023_43208.rb - About 2 hrs to fix

                      Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'VSCode ipynb Remote Development RCE',
                      Severity: Major
                      Found in modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb - About 2 hrs to fix

                        Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft Spooler Local Privilege Elevation Vulnerability',
                        Severity: Major
                        Found in modules/exploits/windows/local/cve_2020_1337_printerdemon.rb - About 2 hrs to fix

                          Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ManageEngine ADSelfService Plus Custom Script Execution',
                          Severity: Major
                          Found in modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb - About 2 hrs to fix

                            Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(update_info(info,
      'Name'           => 'MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free',
      'Description'    => %q{
          This module exploits a use-after-free vulnerability within the DHTML behaviors
                            Severity: Major
                            Found in modules/exploits/windows/browser/ms10_018_ie_behaviors.rb - About 2 hrs to fix

                              Method exploit has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def exploit
    # Get or generate the username/password
    fail_with(Failure::BadConfig, 'USERNAME cannot be empty') if datastore['USERNAME'].empty?
    username = datastore['USERNAME']
                              Severity: Major
                              Found in modules/exploits/linux/local/f5_create_user.rb - About 2 hrs to fix

                                Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SaltStack Salt REST API Arbitrary Command Execution',
                                Severity: Major
                                Found in modules/exploits/linux/http/saltstack_salt_api_cmd_exec.rb - About 2 hrs to fix

                                  Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'UnRAR Path Traversal in Zimbra (CVE-2022-30333)',
                                  Severity: Major
                                  Found in modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb - About 2 hrs to fix

                                    Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)',
                                    Severity: Major
                                    Found in modules/exploits/linux/http/ivanti_sentry_misc_log_service.rb - About 2 hrs to fix

                                      Method initialize has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'VMware NSX Manager XStream unauthenticated RCE',
                                      Severity: Major
                                      Found in modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb - About 2 hrs to fix

                                        Method code_execution has 67 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def code_execution
    print_status("Trying code execution...")

    # can't "${run{/bin/sh -c 'exec /bin/sh -i <&#{b} >&0 2>&0'}} " anymore:
    # DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
                                        Severity: Major
                                        Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language