rapid7/metasploit-framework


Showing 7,361 of 22,177 total issues

Method exploit has 60 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    name = datastore["NAME"] || Rex::Text.rand_text_alphanumeric(10)
    display_name = datastore["DISPNAME"] || Rex::Text.rand_text_alphanumeric(10)
    if datastore['TECHNIQUE'] == 'SMB'
      # XXX Find the domain controller
Severity: Major
Found in modules/exploits/windows/local/current_user_psexec.rb - About 2 hrs to fix

    Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
        super(
          update_info(
            info,
            {
    Severity: Major
    Found in modules/exploits/windows/local/cve_2022_26904_superprofile.rb - About 2 hrs to fix

      Method exploit has 60 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def exploit
          print_status("Access login page")
          res = send_request_cgi({
            'method' => 'POST',
            'uri'    => normalize_uri(uri, 'jsp', 'Login.do'),
      Severity: Major
      Found in modules/exploits/windows/http/manage_engine_opmanager_rce.rb - About 2 hrs to fix

        Method create_exploit_channel_buffer has 60 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def create_exploit_channel_buffer(target_addr)
            overspray_addr = target_addr + 0x2000
            shellcode_vtbl = target_addr + HEADER_SIZE
            magic_value1 = overspray_addr + 0x810
            magic_value2 = overspray_addr + 0x48
        Severity: Major
        Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 hrs to fix

          Method on_request_uri has 60 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def on_request_uri(client, request)
          
              return if ((p = regenerate_payload(client)) == nil)
          
              if (request['User-Agent'] =~ /QuickTime/i or request.uri =~ /\.smil$/)
          Severity: Major
          Found in modules/exploits/windows/browser/apple_quicktime_smil_debug.rb - About 2 hrs to fix

            Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize( info = {} )
                super( update_info( info,
                  'Name'          => 'Sun Java Applet2ClassLoader Remote Code Execution',
                  'Description'   => %q{
                      This module exploits a vulnerability in the Java Runtime Environment
            Severity: Major
            Found in modules/exploits/windows/browser/java_codebase_trust.rb - About 2 hrs to fix

              Method on_request_uri has 60 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def on_request_uri(cli, request)
              
                  #If not IE, we don't continue
                  agent = request.headers['User-Agent']
                  if agent !~ /MSIE [6|7]\.0/
              Severity: Major
              Found in modules/exploits/windows/browser/pcvue_func.rb - About 2 hrs to fix

                Method on_request_uri has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def on_request_uri(cli, request)
                    agent = request.headers['User-Agent']
                    my_target = get_target(agent)
                
                    # Avoid the attack if the victim doesn't have the same setup we're targeting
                Severity: Major
                Found in modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb - About 2 hrs to fix

                  Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
                      super(update_info(info,
                        'Name'           => 'Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability',
                        'Description'    => %q{
                            This module exploits a use after free vulnerability in Mozilla
                  Severity: Major
                  Found in modules/exploits/windows/browser/mozilla_mchannel.rb - About 2 hrs to fix

                    Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
                        super(update_info(info,
                          'Name'           => 'ISS PAM.dll ICQ Parser Buffer Overflow',
                          'Description'    => %q{
                              This module exploits a stack buffer overflow in the ISS products that use
                    Severity: Major
                    Found in modules/exploits/windows/firewall/blackice_pam_icq.rb - About 2 hrs to fix

                      Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
                          super(
                            update_info(
                              info,
                              'Name' => 'Microsoft OMI Management Interface Authentication Bypass',
                      Severity: Major
                      Found in modules/exploits/linux/local/cve_2021_38648_omigod.rb - About 2 hrs to fix

                        Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
                            super(update_info(info,
                              'Name'           => 'AF_PACKET chocobo_root Privilege Escalation',
                              'Description'    => %q{
                                This module exploits a race condition and use-after-free in the
                        Severity: Major
                        Found in modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb - About 2 hrs to fix

                          Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
                              super(
                                update_info(
                                  info,
                                  'Name' => "Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution",

                            Method request has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def request(cmd,user,pass,uri)
                                begin
                                  res = send_request_cgi({
                                    'uri'    => uri,
                                    'method' => 'POST',
                            Severity: Major
                            Found in modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb - About 2 hrs to fix

                              Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
                                  super(update_info(info,
                                    'Name'        => 'D-Link DIR-645 / DIR-815 diagnostic.php Command Execution',
                                    'Description' => %q{
                                        Some D-Link Routers are vulnerable to OS Command injection in the web interface.
                              Severity: Major
                              Found in modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb - About 2 hrs to fix

                                Method cleanup has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def cleanup
                                    begin
                                      # Clean up, retrieve token so that the policy can be removed
                                      print_status("Cleaning up")
                                      res = send_request_cgi({
                                Severity: Major
                                Found in modules/exploits/linux/http/alienvault_sqli_exec.rb - About 2 hrs to fix

                                  Method cycle_possible_payloads has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def cycle_possible_payloads
                                      template_base = ::File.join(Msf::Config.data_directory, "exploits", "CVE-2017-17562")
                                      template_list = []
                                      template_type = nil
                                      template_arch = nil
                                  Severity: Major
                                  Found in modules/exploits/linux/http/goahead_ldpreload.rb - About 2 hrs to fix

                                    Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
                                        super(
                                          update_info(
                                            info,
                                            'Name' => 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection',

                                      Method exploit has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def exploit
                                          print_status("#{peer} - Attempting to exploit #{target.name}")
                                      
                                          # run step 1
                                          set_cookies
                                      Severity: Major
                                      Found in modules/exploits/linux/http/ibm_qradar_unauth_rce.rb - About 2 hrs to fix

                                        Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
                                            super(
                                              update_info(
                                                info,
                                                'Name' => 'H2 Web Interface Create Alias RCE',
                                        Severity: Major
                                        Found in modules/exploits/linux/http/h2_webinterface_rce.rb - About 2 hrs to fix