Showing 7,361 of 22,177 total issues
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'VICIdial Manager Send OS Command Injection',
'Description' => %q{
The file agc/manager_send.php in the VICIdial web application uses
Method exploit
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
uri = target_uri.path
uri << '/' if uri[-1,1] != '/'
plugins_uri = String.new(uri)
plugins_uri << datastore['PLUGINSPATH']
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'pfSense plugin pfBlockerNG unauthenticated RCE as root',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'ThinkPHP Multiple PHP Injection RCEs',
Method php_exploit
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def php_exploit
uris = []
tpath = normalize_uri(datastore['PATH'])
if tpath[-1,1] == '/'
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Apache NiFi API Remote Code Execution',
Method exploit
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
token_uri = "/app/rest/users/id:#{datastore['TEAMCITY_ADMIN_ID']}/tokens/RPC2"
res = send_request_cgi(
'method' => 'POST',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Zabbix Authenticated Remote Command Execution',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution',
Method execute_command_cve_2023_43208
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def execute_command_cve_2023_43208(cmd, _opts = {})
if target['Platform'] == 'win'
cmd = "cmd.exe /c \"#{cmd}\""
else
# see: https://codewhitesec.blogspot.com/2015/03/sh-or-getting-shell-environment-from.html
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'VSCode ipynb Remote Development RCE',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Microsoft Spooler Local Privilege Elevation Vulnerability',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'ManageEngine ADSelfService Plus Custom Script Execution',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free',
'Description' => %q{
This module exploits a use-after-free vulnerability within the DHTML behaviors
Method exploit
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
# Get or generate the username/password
fail_with(Failure::BadConfig, 'USERNAME cannot be empty') if datastore['USERNAME'].empty?
username = datastore['USERNAME']
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'SaltStack Salt REST API Arbitrary Command Execution',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'UnRAR Path Traversal in Zimbra (CVE-2022-30333)',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)',
Method initialize
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'VMware NSX Manager XStream unauthenticated RCE',
Method code_execution
has 67 lines of code (exceeds 25 allowed). Consider refactoring. Open
def code_execution
print_status("Trying code execution...")
# can't "${run{/bin/sh -c 'exec /bin/sh -i <&#{b} >&0 2>&0'}} " anymore:
# DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure