Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method run has 64 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    print_status("Establishing a connection to the target...")

    uri = normalize_uri(datastore['URI'], '/tiki-lastchanges.php')
    rpath = uri + "?days=1&offset=0&sort_mode="
Severity: Major
Found in modules/auxiliary/admin/tikiwiki/tikidblib.rb - About 2 hrs to fix

    Method parse_ns_config has 64 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def parse_ns_config
    ns_config_data = File.binread(ns_conf)
    ns_secret.each do |secret|
      element = secret[0]
      secret[1].each do |keyword|
    Severity: Major
    Found in modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb - About 2 hrs to fix

      Method run has 64 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
    clientip = datastore['CLIENTIP']
    serverip = datastore['SERVERIP']
    bnatip =   datastore['BNATIP']
    outint =   datastore['OUTINF']
      Severity: Major
      Found in modules/auxiliary/bnat/bnat_router.rb - About 2 hrs to fix

        Method run_host has 64 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run_host(ip)
    cred_collection = build_credential_collection(
      username: datastore['USERNAME'],
      password: datastore['PASSWORD'],
      realm: datastore['DOMAIN'],
        Severity: Major
        Found in modules/auxiliary/scanner/ldap/ldap_login.rb - About 2 hrs to fix

          Method run_host has 64 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def run_host(ip)
    begin
      connect
      res = send_request_raw({ 'uri' => '/hw-sys.htm', 'method' => 'GET' })
      unless res && res.headers['Server'].to_s.index('Intel(R) Active Management Technology')
          Severity: Major
          Found in modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb - About 2 hrs to fix

            Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache 2.4.49/2.4.50 Traversal RCE scanner',
            Severity: Major
            Found in modules/auxiliary/scanner/http/apache_normalize_path.rb - About 2 hrs to fix

              Method run_host has 64 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run_host(_target_host)
    # Check if we have a valid version to test
    if version
      if version.empty?
        print_error('VERSION cannot be empty. Please provide an existing Nagios XI VERSION or use `unset VERSION` to cancel')
              Severity: Major
              Found in modules/auxiliary/scanner/http/nagios_xi_scanner.rb - About 2 hrs to fix

                Method do_login has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def do_login(user='msf', pass='msf')
    vprint_status(" - Trying username:'#{user}' with password:'#{pass}'")
    begin
      res = send_request_cgi({
        'uri'     => datastore['URILOGIN'],
                Severity: Major
                Found in modules/auxiliary/scanner/msf/msf_web_login.rb - About 2 hrs to fix

                  Method do_login has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def do_login(opts={})

    @connected = false
    disconnect if self.sock
    connect
                  Severity: Major
                  Found in modules/auxiliary/fuzzers/tds/tds_login_username.rb - About 2 hrs to fix

                    Method exploit has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit

    print_status("Logging in as user [ #{datastore['USER']} ]")
    res = send_request_cgi({
      'method' => 'POST',
                    Severity: Major
                    Found in modules/exploits/unix/webapp/seportal_sqli_exec.rb - About 2 hrs to fix

                      Method create_temp_file has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def create_temp_file
    url_jhot = normalize_uri(datastore['URI'], "/jhot.php")

    scode =
      "\x0d\x0a\x3c\x3f\x70\x68\x70\x0d\x0a\x2f\x2f\x20\x24\x48\x65\x61" +
                      Severity: Major
                      Found in modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb - About 2 hrs to fix

                        Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion',
      'Description'         => %q(
       This module exploits a type confusion on Adobe Flash Player, which was
                        Severity: Major
                        Found in modules/exploits/osx/browser/adobe_flash_delete_range_tl_op.rb - About 2 hrs to fix

                          Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(update_info(info,
      'Name'        => 'JBoss JMX Console Deployer Upload and Execute',
      'Description' => %q{
          This module can be used to execute a payload on JBoss servers that have
                          Severity: Major
                          Found in modules/exploits/multi/http/jboss_maindeployer.rb - About 2 hrs to fix

                            Method upload_file has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def upload_file(img_name, wp_nonce, cookie)
    img_data = %w[
      FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 00 60 00 60 00 00 FF ED 00 38 50 68 6F
      74 6F 73 68 6F 70 20 33 2E 30 00 38 42 49 4D 04 04 00 00 00 00 00 1C 1C 02 74 00
      10 3C 3F 3D 60 24 5F 47 45 54 5B 30 5D 60 3B 3F 3E 1C 02 00 00 02 00 04 FF FE 00
                            Severity: Major
                            Found in modules/exploits/multi/http/wp_crop_rce.rb - About 2 hrs to fix

                              Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ForgeRock / OpenAM Jato Java Deserialization',
                              Severity: Major
                              Found in modules/exploits/multi/http/cve_2021_35464_forgerock_openam.rb - About 2 hrs to fix

                                Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution',
                                Severity: Major
                                Found in modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb - About 2 hrs to fix

                                  Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HP SiteScope Remote Code Execution',
                                  Severity: Major
                                  Found in modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb - About 2 hrs to fix

                                    Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SPIP BigUp Plugin Unauthenticated RCE',
                                    Severity: Major
                                    Found in modules/exploits/multi/http/spip_bigup_unauth_rce.rb - About 2 hrs to fix

                                      Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info={})
    super(update_info(info,
      'Name' => 'Oracle Weblogic Server Deserialization RCE - Raw Object',
      'Description' => %q{
        An unauthenticated attacker with network access to the Oracle Weblogic Server T3
                                      Severity: Major
                                      Found in modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb - About 2 hrs to fix

                                        Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow',
                                        Severity: Major
                                        Found in modules/exploits/solaris/ssh/pam_username_bof.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language