13 Pull requests merged by 9 people

• ProjectSend r1335 - r1605 RCE module

  #19531 merged Nov 21, 2024

• strapi 3.0.0 beta 17.4 password reset (CVE-2019-18818)

  #19654 merged Nov 21, 2024

• Add module: Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189

  #19584 merged Nov 20, 2024

• Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM)

  #19593 merged Nov 20, 2024

• Fix IRB deadlock recursive locking on Ctrl+C

  #19659 merged Nov 19, 2024

• Fix a crash with the admin/dcerpc/icpr_cert module and OpenSSL 3.4.0

  #19624 merged Nov 19, 2024

• Load Readline without a conditional

  #19662 merged Nov 19, 2024

• Deprecate real-readline option

  #19657 merged Nov 19, 2024

• Fix auxiliary/admin/kerberos/get_ticket issue on Windows

  #19658 merged Nov 18, 2024

• Dcsync individual

  #19643 merged Nov 18, 2024

• Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)

  #19640 merged Nov 15, 2024

• Add JetBrains TeamCity HTTP Login Scanner

  #19601 merged Nov 15, 2024

• MS-9862 Ruby on Rails Upgrade Preparation : Migration

  #19645 merged Nov 15, 2024

7 Pull requests opened by 6 people

• Fixing multiple bugs in credential generation + refactoring

  #19653 opened Nov 15, 2024

• Close ssh session on error

  #19656 opened Nov 17, 2024

• Make enum options case normalizing

  #19660 opened Nov 18, 2024

• WordPress Really Simple Security Plugin Authentication Bypass to RCE (CVE-2024-10924)

  #19661 opened Nov 18, 2024

• Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474)

  #19663 opened Nov 19, 2024

• Change/Reset passwords over SMB

  #19666 opened Nov 20, 2024

• Ldap Change Password module

  #19671 opened Nov 22, 2024

7 Issues closed by 5 people

• Auxiliary module of CVE-2019-18818

  #16168 closed Nov 21, 2024

• why metasploit is very slow at startup?

  #19637 closed Nov 21, 2024

• Judge0 sandbox escape

  #19149 closed Nov 20, 2024

• Pyload RCE with js2py sandbox escape [CVE-2024-39205, CVE-2024-28397]

  #19632 closed Nov 19, 2024

• sudo msfdb init [i] Database already started [i] The database appears to be already configured, skipping initialization

  #19468 closed Nov 18, 2024

• LPE: nft_object UAF (CVE-2022-2586) Ubuntu Kernel

  #18467 closed Nov 15, 2024

• LPE nft_object UAF (CVE-2022-32250)

  #18468 closed Nov 15, 2024

5 Issues opened by 5 people

• Linux stageless Metereter is not shellcode

  #19670 opened Nov 21, 2024

• Inconsistencies among mettle arches/stage values and prepend/output types.

  #19669 opened Nov 21, 2024

• ARM32 LE Shared Object template alignment issue

  #19668 opened Nov 20, 2024

• system make ' failed Metasploit & Oracle (ruby-oci8)

  #19655 opened Nov 16, 2024

• Various bugs when using the PASSWORD_SPRAY option

  #19652 opened Nov 15, 2024

24 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add an exploit module for FortiManager (CVE-2024-47575)

  #19648 commented on Nov 21, 2024 • 10 new comments

• Added module for WSO2 API Manager Documentation File Upload Remote Co…

  #19647 commented on Nov 21, 2024 • 10 new comments

• Give likely Windows versions for SMB v2-3

  #19651 commented on Nov 22, 2024 • 6 new comments

• Primefaces RCE (CVE-2017-1000486)

  #19649 commented on Nov 21, 2024 • 5 new comments

• Add CyberPanel Pre-Auth RCE Exploit Module for (CVE-2024-51378 / CVE-2024-51567 / CVE-2024-51568)

  #19608 commented on Nov 22, 2024 • 4 new comments

• Acronis Cyber Backup/Protect RCE [CVE-2022-3405]

  #19583 commented on Nov 21, 2024 • 3 new comments

• Reline behind a feature flag

  #19559 commented on Nov 20, 2024 • 3 new comments

• Remove hardcoded blockapi hashes and ASM Blockapi

  #19609 commented on Nov 21, 2024 • 1 new comment

• Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)

  #19595 commented on Nov 21, 2024 • 1 new comment

• Add Reline autocomplete prompt behind feature flag

  #19403 commented on Nov 18, 2024 • 1 new comment

• vCenter Sudo LPE (CVE-2024-37081)

  #19402 commented on Nov 21, 2024 • 1 new comment

• New module to replicate xspy tool (and x11 library)

  #18877 commented on Nov 21, 2024 • 1 new comment

• CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privillege Escalation

  #19460 commented on Nov 19, 2024 • 0 new comments

• Update werkzeug rce module

  #19533 commented on Nov 21, 2024 • 0 new comments

• Update the Block API to use the Length Field

  #15602 commented on Nov 20, 2024 • 0 new comments

• Acronis Cyber Backup/Protect Info Disclosure [CVE-2022-30995]

  #19582 commented on Nov 18, 2024 • 0 new comments

• Borrow ideas from NetExec

  #19560 commented on Nov 18, 2024 • 0 new comments

• citrix unauth rce with poc

  #19638 commented on Nov 18, 2024 • 0 new comments

• MS-9682 Upgrade to Ruby on Rails 7.1

  #19626 commented on Nov 15, 2024 • 0 new comments

• Exploit module for IPP attributes remote code execution - OpenPrinting CUPS

  #19630 commented on Nov 21, 2024 • 0 new comments

• Reports of Fetch payloads failing when FETCH_DELETE is set to TRUE

  #19391 commented on Nov 18, 2024 • 0 new comments

• msfdb: `ActiveRecord::StatementInvalid: PG::InsufficientPrivilege: ERROR: permission denied for schema public` + solution

  #19442 commented on Nov 18, 2024 • 0 new comments

• Add in Exploit for CVE-2023-1671 - Pre-Auth RCE in Sophos Web Appliance < 4.3.10.4

  #17962 commented on Nov 17, 2024 • 0 new comments

• Container Rooting + Escape (GameOver(lay)) (CVE-2023-2640, CVE-2023-32629)

  #18765 commented on Nov 15, 2024 • 0 new comments