metasploit-framework
metasploit-framework copied to clipboard
rapid7
Metasploit Framework
This module exploits CVE-2024-7593, an authentication bypass vulnerability in Ivanti vADC 9.9. The vulnerability allows an attacker to create new admin users without proper authentication. rubocop executed, 1 file inspected,...
I was expecting to deliver full stageless payloads with PSH + web_delivery but it seems there is a command line limit restriction in the way. ``` use multi/script/web_delivery set TARGET...
This PR builds on the Readline to Reline refactor here: https://github.com/rapid7/metasploit-framework/pull/19397 This PR adds a new feature flag, that when enabled, will result in valid options that can be tab-completed...
Due to the planned work of replacing the Readline library with Reline (see here: https://github.com/rapid7/metasploit-framework/pull/19397), we will be deprecating and removing the `--real-readline / -L` option from MSF Console. If...
The pinned build 'LTSB 14393 x64' is vulnerable to MS17-010, however the Metasploit module doesn't support it. Nor has support for x86 variants. I have old release of msf (6.3.44)...
## Summary chain 3 bugs to get RCE and creds from ServiceNow instances through Jelly template injection ### Basic example All the details are well written and explained here: https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data...
## Summary This RCE looks pretty simple, is cleartext, and gets RCE with low permissions. ### Basic example https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44 ``` Action: Login Username: testuser Secret: testuser Action: Originate Channel: Local/700@parkedcalls...
## Summary A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML...
I would like more information included in the github documentation about how to use/leverage/deploy or integrate the Browser Exploit Server into existing instances of Metasploit. Useful Links: - [Wiki: browser_exploit_server](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb)...
## Summary 3 new RCEs in Apache Kafka UI ### Basic example https://github.blog/security/vulnerability-research/3-ways-to-get-remote-code-execution-in-kafka-ui/ ### Motivation RCE is king