Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft SQL Server Payload Execution via SQL Injection',
      'Description'    => %q{
          This module will execute an arbitrary payload on a Microsoft SQL
Severity: Major
Found in modules/exploits/windows/mssql/mssql_payload_sqli.rb - About 2 hrs to fix

    Method enable_xp_cmdshell has 64 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def enable_xp_cmdshell(path,name,shelled)
    # Enables "show advanced options" and xp_cmdshell if needed and possible
    # They cannot be enabled in user transactions (i.e. via openquery)
    # Only enabled if RPC_Out is enabled for linked server
    # All changes are reverted after payload delivery and execution
    Severity: Major
    Found in modules/exploits/windows/mssql/mssql_linkcrawler.rb - About 2 hrs to fix

      Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(update_info(info,
      'Name'        => 'GAMSoft TelSrv 1.5 Username Buffer Overflow',
      'Description'    => %q{
          This module exploits a username sprintf stack buffer overflow in GAMSoft TelSrv 1.5.
      Severity: Major
      Found in modules/exploits/windows/telnet/gamsoft_telsrv_username.rb - About 2 hrs to fix

        Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'MS01-026 Microsoft IIS/PWS CGI Filename Double Decode Command Execution',
        Severity: Major
        Found in modules/exploits/windows/iis/ms01_026_dbldecode.rb - About 2 hrs to fix

          Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ZenTao Pro 8.8.2 Remote Code Execution',
          Severity: Major
          Found in modules/exploits/windows/http/zentao_pro_rce.rb - About 2 hrs to fix

            Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'MOVEit SQL Injection vulnerability',
            Severity: Major
            Found in modules/exploits/windows/http/moveit_cve_2023_34362.rb - About 2 hrs to fix

              Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Advantech iView NetworkServlet Command Injection',
              Severity: Major
              Found in modules/exploits/windows/http/advantech_iview_networkservlet_cmd_inject.rb - About 2 hrs to fix

                Method on_request_uri has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def on_request_uri(cli, request)
    if request.headers['User-Agent'] !~ /Maxthon\/3/ or request.headers['User-Agent'] !~ /AppleWebKit\/534.12/
      print_status("Sending 404 for User-Agent #{request.headers['User-Agent']}")
      send_not_found(cli)
      return
                Severity: Major
                Found in modules/exploits/windows/browser/maxthon_history_xcs.rb - About 2 hrs to fix

                  Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ptrace Sudo Token Privilege Escalation',
                  Severity: Major
                  Found in modules/exploits/linux/local/ptrace_sudo_token_priv_esc.rb - About 2 hrs to fix

                    Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Zyxel Firewall SUID Binary Privilege Escalation',
                    Severity: Major
                    Found in modules/exploits/linux/local/zyxel_suid_cp_lpe.rb - About 2 hrs to fix

                      Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cisco HyperFlex HX Data Platform Command Execution',
                      Severity: Major
                      Found in modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb - About 2 hrs to fix

                        Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'pyLoad js2py Python Execution',
                        Severity: Major
                        Found in modules/exploits/linux/http/pyload_js2py_exec.rb - About 2 hrs to fix

                          Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache OFBiz SOAP Java Deserialization',
                          Severity: Major
                          Found in modules/exploits/linux/http/apache_ofbiz_deserialization_soap.rb - About 2 hrs to fix

                            Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Palo Alto Networks Authenticated Remote Code Execution',
                            Severity: Major
                            Found in modules/exploits/linux/http/panos_op_cmd_exec.rb - About 2 hrs to fix

                              Method exploit has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def exploit
    print_status('Encoding the payload as .jsp')
    payload = Msf::Util::EXE.to_jsp(generate_payload_exe)

    # Small sanity-check
                              Severity: Major
                              Found in modules/exploits/linux/http/zimbra_cpio_cve_2022_41352.rb - About 2 hrs to fix

                                Method initialize has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'IGEL OS Secure VNC/Terminal Command Injection RCE',
                                Severity: Major
                                Found in modules/exploits/linux/misc/igel_command_injection.rb - About 2 hrs to fix

                                  Method run has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def run
    fail_with(Failure::BadConfig, 'Invalid session ID selected.') if client.nil?
    fail_with(Failure::BadConfig, 'Invalid action') if action.nil?

    num_chunks = (datastore['RECORD_LEN'].to_f / datastore['SYNC_WAIT'].to_f).ceil
                                  Severity: Major
                                  Found in modules/post/osx/manage/webcam.rb - About 2 hrs to fix

                                    Method run has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def run
    # A table to store the found credentials.
    cred_table = Rex::Text::Table.new(
      'Header' => '.fetchmailrc credentials',
      'Indent' => 1,
                                    Severity: Major
                                    Found in modules/post/multi/gather/fetchmailrc_creds.rb - About 2 hrs to fix

                                      Method decrypt_local_vault_key has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def decrypt_local_vault_key(account, browser_map)
    data = nil
    session_cookie_value = nil

    browser_map.each_pair do |browser, lp_data|
                                      Severity: Major
                                      Found in modules/post/multi/gather/lastpass_creds.rb - About 2 hrs to fix

                                        Method exist_and_supported has 64 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def exist_and_supported
    case session.platform
    when 'linux'
      user = session.shell_command('whoami')
      print_status("Current user is #{user}")
                                        Severity: Major
                                        Found in modules/post/multi/manage/dbvis_query.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language