Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize( info = {} )
    super( update_info( info,
      'Name'          => 'Java 7 Applet Remote Code Execution',
      'Description'   => %q{
        The exploit takes advantage of two issues in JDK 7: The ClassFinder and
Severity: Major
Found in modules/exploits/multi/browser/java_jre17_exec.rb - About 2 hrs to fix

    Method load_payload_from_url has 63 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def load_payload_from_url(conn_stub)
    vprint_status("Creating javax.management.loading.MLet MBean...")

    begin
      res = send_jmx_create_mbean(
    Severity: Major
    Found in modules/exploits/multi/misc/java_jmx_server.rb - About 2 hrs to fix

      Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(update_info(info,
      'Name'            => 'FreeSWITCH Event Socket Command Execution',
      'Description'     => %q{
        This module uses the FreeSWITCH event socket interface
      Severity: Major
      Found in modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb - About 2 hrs to fix

        Method req_teamcity_6_5 has 63 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def req_teamcity_6_5(script_content)
    build_id = Rex::Text.rand_text_numeric(8)
    xml_payload = %(
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
        Severity: Major
        Found in modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb - About 2 hrs to fix

          Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Service Tracing Privilege Elevation Vulnerability',
          Severity: Major
          Found in modules/exploits/windows/local/cve_2020_0668_service_tracing.rb - About 2 hrs to fix

            Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation',
            Severity: Major
            Found in modules/exploits/windows/local/dnsadmin_serverlevelplugindll.rb - About 2 hrs to fix

              Method run_host has 63 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run_host(server)
    if session.extapi
      psh_options = { :remove_comspec => true,
                      :encode_final_payload => true }
    else
              Severity: Major
              Found in modules/exploits/windows/local/wmi.rb - About 2 hrs to fix

                Method exploit has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def exploit
    csrf_tok = authenticate

    # Grab the list of configured policies
    policy_list_uri = normalize_uri(target_uri.path, '/ServletAPI/configuration/policyConfig/getPolicyConfigDetails')
                Severity: Major
                Found in modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb - About 2 hrs to fix

                  Method exploit has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def exploit
    print_status("Trying target #{target.name}...")

    install_path = get_install_path
    install_path << "help\\English_United States.1252"
                  Severity: Major
                  Found in modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb - About 2 hrs to fix

                    Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'FlexDotnetCMS Arbitrary ASP File Upload',
                    Severity: Major
                    Found in modules/exploits/windows/http/flexdotnetcms_upload_exec.rb - About 2 hrs to fix

                      Method on_request_uri has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def on_request_uri(cli, request)
    agent = request.headers['User-Agent']
    my_target = get_target(agent)

    if my_target.nil?
                      Severity: Major
                      Found in modules/exploits/windows/browser/asus_net4switch_ipswcom.rb - About 2 hrs to fix

                        Method exploit has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def exploit
    bufflen = target['BuffLen']
    print_status("Trying to exploit #{target.name} with address 0x%.8x..." % target['Ret'])
    count = 1 # broke
                        Severity: Major
                        Found in modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb - About 2 hrs to fix

                          Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Symantec Altiris DS SQL Injection',
                          Severity: Major
                          Found in modules/exploits/windows/misc/altiris_ds_sqli.rb - About 2 hrs to fix

                            Method exploit has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def exploit

    rop_gadgets = [
      # rop chain generated with mona.py
      0x7c346c0a,  # POP EAX # RETN (MSVCR71.dll)
                            Severity: Major
                            Found in modules/exploits/windows/misc/bcaaa_bof.rb - About 2 hrs to fix

                              Method c_code has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def c_code(exe_file)
    c = %Q|
// A few constants/function definitions/structs copied from header files
#define RTLD_NEXT      ((void *) -1l)
extern uintptr_t dlsym(uintptr_t, char*);
                              Severity: Major
                              Found in modules/exploits/linux/local/desktop_privilege_escalation.rb - About 2 hrs to fix

                                Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        {
                                Severity: Major
                                Found in modules/exploits/linux/local/vmware_workspace_one_access_cve_2022_22960.rb - About 2 hrs to fix

                                  Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Sophos UTM WebAdmin SID Command Injection',
                                  Severity: Major
                                  Found in modules/exploits/linux/http/sophos_utm_webadmin_sid_cmd_injection.rb - About 2 hrs to fix

                                    Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)',
                                    Severity: Major
                                    Found in modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb - About 2 hrs to fix

                                      Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache Superset Signed Cookie RCE',
                                      Severity: Major
                                      Found in modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb - About 2 hrs to fix

                                        Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'VyOS restricted-shell Escape and Privilege Escalation',
                                        Severity: Major
                                        Found in modules/exploits/linux/ssh/vyos_restricted_shell_privesc.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language