Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Oracle Weblogic Apache Connector POST Request Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack based buffer overflow in the BEA
Severity: Major
Found in modules/exploits/windows/http/bea_weblogic_post_bof.rb - About 2 hrs to fix

    Method exploit has 62 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
    meterp = Rex::Text.rand_text_alpha(10)
    jsp = Rex::Text.rand_text_alpha(10)

    print_status("Getting cookie...")
    Severity: Major
    Found in modules/exploits/windows/http/sepm_auth_bypass_rce.rb - About 2 hrs to fix

      Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Softing Secure Integration Server v1.22 Remote Code Execution',
      Severity: Major
      Found in modules/exploits/windows/http/softing_sis_rce.rb - About 2 hrs to fix

        Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info={})
    super(update_info(info,
      'Name'           => 'HP OpenView Network Node Manager execvp_nc Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53
        Severity: Major
        Found in modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb - About 2 hrs to fix

          Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'PHP CGI Argument Injection Remote Code Execution',
          Severity: Major
          Found in modules/exploits/windows/http/php_cgi_arg_injection_rce_cve_2024_4577.rb - About 2 hrs to fix

            Method on_request_uri has 62 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def on_request_uri(cli, request)
    agent = request.headers['User-Agent']
    my_target = get_target(agent)

    # Avoid the attack if the victim doesn't have the same setup we're targeting
            Severity: Major
            Found in modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb - About 2 hrs to fix

              Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
    super( update_info(info,
      'Name'           => 'Quest InTrust Annotation Objects Uninitialized Pointer',
      'Description'    => %q{
          This module exploits an uninitialized variable vulnerability in the
              Severity: Major
              Found in modules/exploits/windows/browser/intrust_annotatex_add.rb - About 2 hrs to fix

                Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'NJStar Communicator 3.00 MiniSMTP Buffer Overflow',
      'Description'    => %q{
        This module exploits a stack buffer overflow vulnerability in NJStar Communicator
                Severity: Major
                Found in modules/exploits/windows/smtp/njstar_smtp_bof.rb - About 2 hrs to fix

                  Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Poptop Negative Read Overflow',
      'Description'    => %q{
          This is an exploit for the Poptop negative read overflow.  This will
                  Severity: Major
                  Found in modules/exploits/linux/pptp/poptop_negative_read.rb - About 2 hrs to fix

                    Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => "glibc '$ORIGIN' Expansion Privilege Escalation",
                    Severity: Major
                    Found in modules/exploits/linux/local/glibc_origin_expansion_priv_esc.rb - About 2 hrs to fix

                      Method exploit has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def exploit
    downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8))
    uri = '/diagnostic.php'

    if target.name =~ /CMD/
                      Severity: Major
                      Found in modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb - About 2 hrs to fix

                        Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Nagios XI Magpie_debug.php Root Remote Code Execution',
                        Severity: Major
                        Found in modules/exploits/linux/http/nagios_xi_magpie_debug.rb - About 2 hrs to fix

                          Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'VMware vRealize Operations (vROps) Manager SSRF RCE',
                          Severity: Major
                          Found in modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb - About 2 hrs to fix

                            Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(update_info(info,
      'Name'               => 'Pulse Secure VPN Arbitrary Command Execution',
      'Description'        => %q{
        This module exploits a post-auth command injection in the Pulse Secure
                            Severity: Major
                            Found in modules/exploits/linux/http/pulse_secure_cmd_exec.rb - About 2 hrs to fix

                              Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'OpenMetadata authentication bypass and SpEL injection exploit chain',
                              Severity: Major
                              Found in modules/exploits/linux/http/openmetadata_auth_bypass_rce.rb - About 2 hrs to fix

                                Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'FLIR AX8 unauthenticated RCE',
                                Severity: Major
                                Found in modules/exploits/linux/http/flir_ax8_unauth_rce_cve_2022_37061.rb - About 2 hrs to fix

                                  Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(update_info(info,
      'Name'           => 'NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Buffer Overflow',
      'Description'    => %q{
        The NETGEAR WNR2000 router has a stack buffer overflow vulnerability in the hidden_lang_avi
                                  Severity: Major
                                  Found in modules/exploits/linux/http/netgear_wnr2000_rce.rb - About 2 hrs to fix

                                    Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Quest Privilege Manager pmmasterd Buffer Overflow',
      'Description'    => %q{
        This modules exploits a buffer overflow in the Quest Privilege Manager,
                                    Severity: Major
                                    Found in modules/exploits/linux/misc/quest_pmmasterd_bof.rb - About 2 hrs to fix

                                      Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft OMI Management Interface Authentication Bypass',
                                      Severity: Major
                                      Found in modules/exploits/linux/misc/cve_2021_38647_omigod.rb - About 2 hrs to fix

                                        Method initialize has 62 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'OS X Manage Sonic Pi',
                                        Severity: Major
                                        Found in modules/post/osx/manage/sonic_pi.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language