Browse Source

Revert "Land #6812, remove broken OSVDB references"

This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
Brent Cook 3 years ago
parent
commit
b08d1ad8d8
No account linked to committer's email address
100 changed files with 123 additions and 5 deletions
  1. 1
    1
      data/exploits/php/rfi-locations.dat
  2. 10
    0
      lib/msf/core/db_manager/import/nikto.rb
  3. 4
    0
      lib/msf/core/db_manager/import/nmap.rb
  4. 2
    1
      lib/msf/core/db_manager/module_cache.rb
  5. 5
    3
      lib/msf/core/module/reference.rb
  6. 2
    0
      lib/msf/core/module/search.rb
  7. 1
    0
      lib/msf/ui/console/command_dispatcher/core.rb
  8. 1
    0
      modules/auxiliary/admin/2wire/xslt_password_reset.rb
  9. 1
    0
      modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb
  10. 1
    0
      modules/auxiliary/admin/backupexec/dump.rb
  11. 1
    0
      modules/auxiliary/admin/backupexec/registry.rb
  12. 2
    0
      modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb
  13. 1
    0
      modules/auxiliary/admin/db2/db2rcmd.rb
  14. 4
    0
      modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb
  15. 1
    0
      modules/auxiliary/admin/edirectory/edirectory_edirutil.rb
  16. 1
    0
      modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb
  17. 1
    0
      modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb
  18. 1
    0
      modules/auxiliary/admin/hp/hp_data_protector_cmd.rb
  19. 1
    0
      modules/auxiliary/admin/hp/hp_imc_som_create_account.rb
  20. 1
    0
      modules/auxiliary/admin/http/axigen_file_access.rb
  21. 1
    0
      modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
  22. 1
    0
      modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb
  23. 1
    0
      modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb
  24. 1
    0
      modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb
  25. 1
    0
      modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb
  26. 1
    0
      modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb
  27. 1
    0
      modules/auxiliary/admin/http/iis_auth_bypass.rb
  28. 1
    0
      modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb
  29. 1
    0
      modules/auxiliary/admin/http/jboss_bshdeployer.rb
  30. 1
    0
      modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb
  31. 1
    0
      modules/auxiliary/admin/http/jboss_seam_exec.rb
  32. 1
    0
      modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb
  33. 1
    0
      modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
  34. 1
    0
      modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb
  35. 1
    0
      modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb
  36. 1
    0
      modules/auxiliary/admin/http/manageengine_dir_listing.rb
  37. 1
    0
      modules/auxiliary/admin/http/manageengine_file_download.rb
  38. 1
    0
      modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
  39. 1
    0
      modules/auxiliary/admin/http/netflow_file_download.rb
  40. 1
    0
      modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
  41. 1
    0
      modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb
  42. 1
    0
      modules/auxiliary/admin/http/openbravo_xxe.rb
  43. 1
    0
      modules/auxiliary/admin/http/rails_devise_pass_reset.rb
  44. 1
    0
      modules/auxiliary/admin/http/scrutinizer_add_user.rb
  45. 1
    0
      modules/auxiliary/admin/http/sophos_wpa_traversal.rb
  46. 1
    0
      modules/auxiliary/admin/http/tomcat_utf8_traversal.rb
  47. 2
    0
      modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb
  48. 1
    0
      modules/auxiliary/admin/http/typo3_sa_2009_001.rb
  49. 1
    0
      modules/auxiliary/admin/http/typo3_sa_2009_002.rb
  50. 1
    0
      modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb
  51. 1
    0
      modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb
  52. 1
    0
      modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb
  53. 1
    0
      modules/auxiliary/admin/misc/sercomm_dump_config.rb
  54. 1
    0
      modules/auxiliary/admin/motorola/wr850g_cred.rb
  55. 1
    0
      modules/auxiliary/admin/ms/ms08_059_his2006.rb
  56. 1
    0
      modules/auxiliary/admin/officescan/tmlisten_traversal.rb
  57. 1
    0
      modules/auxiliary/admin/oracle/osb_execqr.rb
  58. 2
    0
      modules/auxiliary/admin/oracle/osb_execqr2.rb
  59. 1
    0
      modules/auxiliary/admin/oracle/osb_execqr3.rb
  60. 1
    0
      modules/auxiliary/admin/pop2/uw_fileretrieval.rb
  61. 1
    0
      modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb
  62. 1
    0
      modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
  63. 1
    0
      modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb
  64. 1
    0
      modules/auxiliary/admin/serverprotect/file.rb
  65. 1
    0
      modules/auxiliary/admin/smb/psexec_command.rb
  66. 1
    0
      modules/auxiliary/admin/smb/samba_symlink_traversal.rb
  67. 1
    0
      modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb
  68. 1
    0
      modules/auxiliary/admin/tikiwiki/tikidblib.rb
  69. 1
    0
      modules/auxiliary/admin/vnc/realvnc_41_bypass.rb
  70. 1
    0
      modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb
  71. 1
    0
      modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb
  72. 1
    0
      modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb
  73. 1
    0
      modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb
  74. 1
    0
      modules/auxiliary/admin/webmin/edit_html_fileaccess.rb
  75. 1
    0
      modules/auxiliary/admin/webmin/file_disclosure.rb
  76. 1
    0
      modules/auxiliary/admin/zend/java_bridge.rb
  77. 1
    0
      modules/auxiliary/dos/cisco/ios_http_percentpercent.rb
  78. 1
    0
      modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb
  79. 1
    0
      modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb
  80. 1
    0
      modules/auxiliary/dos/hp/data_protector_rds.rb
  81. 1
    0
      modules/auxiliary/dos/http/3com_superstack_switch.rb
  82. 1
    0
      modules/auxiliary/dos/http/apache_mod_isapi.rb
  83. 1
    0
      modules/auxiliary/dos/http/apache_range_dos.rb
  84. 1
    0
      modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb
  85. 1
    0
      modules/auxiliary/dos/http/dell_openmanage_post.rb
  86. 1
    0
      modules/auxiliary/dos/http/monkey_headers.rb
  87. 1
    0
      modules/auxiliary/dos/http/nodejs_pipelining.rb
  88. 1
    0
      modules/auxiliary/dos/http/rails_action_view.rb
  89. 1
    0
      modules/auxiliary/dos/http/rails_json_float_dos.rb
  90. 1
    0
      modules/auxiliary/dos/http/sonicwall_ssl_format.rb
  91. 1
    0
      modules/auxiliary/dos/http/webrick_regex.rb
  92. 1
    0
      modules/auxiliary/dos/http/wordpress_long_password_dos.rb
  93. 1
    0
      modules/auxiliary/dos/mdns/avahi_portzero.rb
  94. 1
    0
      modules/auxiliary/dos/misc/dopewars.rb
  95. 1
    0
      modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb
  96. 1
    0
      modules/auxiliary/dos/misc/ibm_tsm_dos.rb
  97. 1
    0
      modules/auxiliary/dos/misc/memcached.rb
  98. 1
    0
      modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb
  99. 1
    0
      modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb
  100. 0
    0
      modules/auxiliary/dos/samba/lsa_addprivs_heap.rb

+ 1
- 1
data/exploits/php/rfi-locations.dat View File

@@ -1,4 +1,4 @@
1
-# Compiled by RSnake 02/01/2010 Mostly from milw0rm and elsewhere.
1
+# Compiled by RSnake 02/01/2010 Mostly from milw0rm osvdb.org and elsewhere.
2 2
 # Change XXpathXX to the path of your backdoor.  Note that you may need to 
3 3
 # try it against every directory on the target and because of how this was
4 4
 # culled you may need to add a question mark to your own XXpathXX URL:

+ 10
- 0
lib/msf/core/db_manager/import/nikto.rb View File

@@ -40,6 +40,16 @@ module Msf::DBManager::Import::Nikto
40 40
             }
41 41
             # Always report it as a note.
42 42
             report_note(desc_data)
43
+            # Sometimes report it as a vuln, too.
44
+            # XXX: There's a Vuln.info field but nothing reads from it? See Bug #5837
45
+            if item.attributes['osvdbid'].to_i != 0
46
+              desc_data[:refs] = ["OSVDB-#{item.attributes['osvdbid']}"]
47
+              desc_data[:name] = "NIKTO-#{item.attributes['id']}"
48
+              desc_data.delete(:data)
49
+              desc_data.delete(:type)
50
+              desc_data.delete(:update)
51
+              report_vuln(desc_data)
52
+            end
43 53
           end
44 54
         end
45 55
       end

+ 4
- 0
lib/msf/core/db_manager/import/nmap.rb View File

@@ -182,6 +182,7 @@ module Msf::DBManager::Import::Nmap
182 182
                 :info => 'Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution',
183 183
                 :refs =>['CVE-2008-4250',
184 184
                   'BID-31874',
185
+                  'OSVDB-49243',
185 186
                   'CWE-94',
186 187
                   'MSFT-MS08-067',
187 188
                   'MSF-Microsoft Server Service Relative Path Stack Corruption',
@@ -203,6 +204,8 @@ module Msf::DBManager::Import::Nmap
203 204
                   'BID-18325',
204 205
                   'BID-18358',
205 206
                   'BID-18424',
207
+                  'OSVDB-26436',
208
+                  'OSVDB-26437',
206 209
                   'MSFT-MS06-025',
207 210
                   'MSF-Microsoft RRAS Service RASMAN Registry Overflow',
208 211
                   'NSS-21689']
@@ -221,6 +224,7 @@ module Msf::DBManager::Import::Nmap
221 224
                 :info => 'Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution',
222 225
                 # Add more refs based on nessus/nexpose .. results
223 226
                 :refs =>['CVE-2007-1748',
227
+                  'OSVDB-34100',
224 228
                   'MSF-Microsoft DNS RPC Service extractQuotedChar()',
225 229
                   'NSS-25168']
226 230
               }

+ 2
- 1
lib/msf/core/db_manager/module_cache.rb View File

@@ -158,6 +158,7 @@ module Msf::DBManager::ModuleCache
158 158
   # +edb+:: Matches modules with the given Exploit-DB ID.
159 159
   # +name+:: Matches modules with the given full name or name.
160 160
   # +os+, +platform+:: Matches modules with the given platform or target name.
161
+  # +osvdb+:: Matches modules with the given OSVDB ID.
161 162
   # +ref+:: Matches modules with the given reference ID.
162 163
   # +type+:: Matches modules with the given type.
163 164
   #
@@ -276,7 +277,7 @@ module Msf::DBManager::ModuleCache
276 277
 
277 278
             query = query.includes(:refs).references(:refs)
278 279
             union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values)
279
-          when 'cve', 'bid', 'edb'
280
+          when 'cve', 'bid', 'osvdb', 'edb'
280 281
             formatted_values = value_set.collect { |value|
281 282
               prefix = keyword.upcase
282 283
 

+ 5
- 3
lib/msf/core/module/reference.rb View File

@@ -77,7 +77,7 @@ class Msf::Module::SiteReference < Msf::Module::Reference
77 77
 
78 78
   #
79 79
   # Initializes a site reference from an array.  ary[0] is the site and
80
-  # ary[1] is the site context identifier, such as CVE.
80
+  # ary[1] is the site context identifier, such as OSVDB.
81 81
   #
82 82
   def self.from_a(ary)
83 83
     return nil if (ary.length < 2)
@@ -95,7 +95,9 @@ class Msf::Module::SiteReference < Msf::Module::Reference
95 95
     self.ctx_id  = in_ctx_id
96 96
     self.ctx_val = in_ctx_val
97 97
 
98
-    if (in_ctx_id == 'CVE')
98
+    if (in_ctx_id == 'OSVDB')
99
+      self.site = "http://www.osvdb.org/#{in_ctx_val}"
100
+    elsif (in_ctx_id == 'CVE')
99 101
       self.site = "http://cvedetails.com/cve/#{in_ctx_val}/"
100 102
     elsif (in_ctx_id == 'CWE')
101 103
       self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
@@ -148,7 +150,7 @@ class Msf::Module::SiteReference < Msf::Module::Reference
148 150
   #
149 151
   attr_reader :site
150 152
   #
151
-  # The context identifier of the site, such as CVE.
153
+  # The context identifier of the site, such as OSVDB.
152 154
   #
153 155
   attr_reader :ctx_id
154 156
   #

+ 2
- 0
lib/msf/core/module/search.rb View File

@@ -86,6 +86,8 @@ module Msf::Module::Search
86 86
               match = [t,w] if refs.any? { |ref| ref =~ /^cve\-/i and ref =~ r }
87 87
             when 'bid'
88 88
               match = [t,w] if refs.any? { |ref| ref =~ /^bid\-/i and ref =~ r }
89
+            when 'osvdb'
90
+              match = [t,w] if refs.any? { |ref| ref =~ /^osvdb\-/i and ref =~ r }
89 91
             when 'edb'
90 92
               match = [t,w] if refs.any? { |ref| ref =~ /^edb\-/i and ref =~ r }
91 93
           end

+ 1
- 0
lib/msf/ui/console/command_dispatcher/core.rb View File

@@ -1615,6 +1615,7 @@ class Core
1615 1615
       'cve'      => 'Modules with a matching CVE ID',
1616 1616
       'edb'      => 'Modules with a matching Exploit-DB ID',
1617 1617
       'name'     => 'Modules with a matching descriptive name',
1618
+      'osvdb'    => 'Modules with a matching OSVDB ID',
1618 1619
       'platform' => 'Modules affecting this platform',
1619 1620
       'ref'      => 'Modules with a matching ref',
1620 1621
       'type'     => 'Modules of a specific type (exploit, auxiliary, or post)',

+ 1
- 0
modules/auxiliary/admin/2wire/xslt_password_reset.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'References'     =>
27 27
         [
28 28
           [ 'CVE', '2007-4387' ],
29
+          [ 'OSVDB', '37667' ],
29 30
           [ 'BID', '36075' ],
30 31
           [ 'URL', 'http://seclists.org/bugtraq/2007/Aug/225' ],
31 32
         ],

+ 1
- 0
modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb View File

@@ -38,6 +38,7 @@ class MetasploitModule < Msf::Auxiliary
38 38
       'References' => [
39 39
         [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041'],
40 40
         [ 'URL', 'http://1337day.com/exploit/description/22581' ],
41
+        [ 'OSVDB', '110664' ],
41 42
         [ 'CVE', '2014-6041' ]
42 43
       ],
43 44
       'DefaultAction'  => 'WebServer'

+ 1
- 0
modules/auxiliary/admin/backupexec/dump.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'References'     =>
28 28
         [
29 29
           ['CVE', '2005-2611'],
30
+          ['OSVDB', '18695'],
30 31
           ['BID', '14551'],
31 32
           ['URL', 'http://www.fpns.net/willy/msbksrc.lzh'],
32 33
         ],

+ 1
- 0
modules/auxiliary/admin/backupexec/registry.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'License'        => MSF_LICENSE,
27 27
       'References'     =>
28 28
         [
29
+          [ 'OSVDB', '17627' ],
29 30
           [ 'CVE', '2005-0771' ],
30 31
           [ 'URL', 'http://www.idefense.com/application/poi/display?id=269&type=vulnerabilities'],
31 32
         ],

+ 2
- 0
modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb View File

@@ -28,6 +28,8 @@ class MetasploitModule < Msf::Auxiliary
28 28
         [
29 29
           [ 'BID', '19680' ],
30 30
           [ 'CVE', '2006-4313' ],
31
+          [ 'OSVDB', '28139' ],
32
+          [ 'OSVDB', '28138' ]
31 33
         ],
32 34
       'DisclosureDate' => 'Aug 23 2006'))
33 35
 

+ 1
- 0
modules/auxiliary/admin/db2/db2rcmd.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'References'     =>
24 24
         [
25 25
           [ 'CVE', '2004-0795' ],
26
+          [ 'OSVDB', '4180' ],
26 27
           [ 'BID', '9821' ],
27 28
         ],
28 29
       'DisclosureDate' => 'Mar 4 2004'))

+ 4
- 0
modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb View File

@@ -20,6 +20,10 @@ class MetasploitModule < Msf::Auxiliary
20 20
       this module, wait until the real administrator logs in, then specify the
21 21
       predicted cookie value to hijack their session.
22 22
       },
23
+      'References'     =>
24
+        [
25
+          ['OSVDB', '60035'],
26
+        ],
23 27
       'Author'         => 'hdm',
24 28
       'License'        => MSF_LICENSE
25 29
     ))

+ 1
- 0
modules/auxiliary/admin/edirectory/edirectory_edirutil.rb View File

@@ -22,6 +22,7 @@ class MetasploitModule < Msf::Auxiliary
22 22
         [
23 23
           [ 'CVE', '2008-0926' ],
24 24
           [ 'BID', '28441' ],
25
+          [ 'OSVDB', '43690' ]
25 26
         ],
26 27
       'Author'         =>
27 28
         [

+ 1
- 0
modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb View File

@@ -22,6 +22,7 @@ class MetasploitModule < Msf::Auxiliary
22 22
       'References'     =>
23 23
         [
24 24
           [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ],
25
+          [ 'OSVDB', '45715' ],
25 26
           [ 'CVE', '2008-2157' ],
26 27
           [ 'BID', '29398' ],
27 28
         ],

+ 1
- 0
modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
         [
24 24
           [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ],
25 25
           [ 'CVE', '2008-2157' ],
26
+          [ 'OSVDB', '45715' ],
26 27
           [ 'BID', '29398' ],
27 28
         ],
28 29
       'DisclosureDate' => 'May 27 2008'))

+ 1
- 0
modules/auxiliary/admin/hp/hp_data_protector_cmd.rb View File

@@ -31,6 +31,7 @@ class MetasploitModule < Msf::Auxiliary
31 31
       'References'     =>
32 32
         [
33 33
           [ 'CVE', '2011-0923' ],
34
+          [ 'OSVDB', '72526' ],
34 35
           [ 'ZDI', '11-055' ],
35 36
           [ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux' ]
36 37
         ],

+ 1
- 0
modules/auxiliary/admin/hp/hp_imc_som_create_account.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'References'     =>
24 24
         [
25 25
           [ 'CVE', '2013-4824' ],
26
+          [ 'OSVDB', '98249' ],
26 27
           [ 'BID', '62902' ],
27 28
           [ 'ZDI', '13-240' ],
28 29
           [ 'URL', 'https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03943547' ]

+ 1
- 0
modules/auxiliary/admin/http/axigen_file_access.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
         [
30 30
           [ 'US-CERT-VU', '586556' ],
31 31
           [ 'CVE', '2012-4940' ],
32
+          [ 'OSVDB', '86802' ]
32 33
         ],
33 34
       'Actions'     =>
34 35
         [

+ 1
- 0
modules/auxiliary/admin/http/contentkeeper_fileaccess.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
         },
21 21
       'References'   =>
22 22
         [
23
+          [ 'OSVDB', '54551' ],
23 24
           [ 'URL', 'http://www.aushack.com/200904-contentkeeper.txt' ],
24 25
         ],
25 26
       'Author'      => [ 'patrick' ],

+ 1
- 0
modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb View File

@@ -24,6 +24,7 @@ class MetasploitModule < Msf::Auxiliary
24 24
       'License'         => MSF_LICENSE,
25 25
       'References'      =>
26 26
         [
27
+          [ 'OSVDB', '89861' ],
27 28
           [ 'EDB', '24453' ],
28 29
           [ 'URL', 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router' ],
29 30
           [ 'URL', 'http://www.s3cur1ty.de/home-network-horror-days' ],

+ 1
- 0
modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
       },
21 21
       'References'  =>
22 22
         [
23
+          [ 'OSVDB', '90733' ],
23 24
           [ 'BID', '58231' ],
24 25
           [ 'PACKETSTORM', '120591' ]
25 26
         ],

+ 1
- 0
modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb View File

@@ -21,6 +21,7 @@ class MetasploitModule < Msf::Auxiliary
21 21
       'References'  =>
22 22
         [
23 23
           [ 'EDB', '25252' ],
24
+          [ 'OSVDB', '93013' ],
24 25
           [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-018' ]
25 26
         ],
26 27
       'Author'      => [

+ 1
- 0
modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
           ['BID', '60835'],
27 27
           ['CVE', '2013-2113'],
28 28
           ['CWE', '915'],
29
+          ['OSVDB', '94655'],
29 30
           ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=966804'],
30 31
           ['URL', 'http://projects.theforeman.org/issues/2630']
31 32
         ],

+ 1
- 0
modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'License'        => MSF_LICENSE,
27 27
       'References'     =>
28 28
         [
29
+          [ 'OSVDB', '5798' ],
29 30
           [ 'BID', '10224' ],
30 31
           #[ 'CVE', '' ],# No CVE!
31 32
           [ 'EDB', '294' ]

+ 1
- 0
modules/auxiliary/admin/http/iis_auth_bypass.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
       'References'     =>
21 21
         [
22 22
           [ 'CVE', '2010-2731' ],
23
+          [ 'OSVDB', '66160' ],
23 24
           [ 'MSB', 'MS10-065' ],
24 25
           [ 'URL', 'http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/' ]
25 26
         ],

+ 1
- 0
modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
         },
21 21
       'References'  =>
22 22
         [
23
+          [ 'OSVDB', '55586' ],
23 24
           [ 'CVE', '2009-2367' ],
24 25
         ],
25 26
       'Author'      => [ 'patrick' ],

+ 1
- 0
modules/auxiliary/admin/http/jboss_bshdeployer.rb View File

@@ -24,6 +24,7 @@ class MetasploitModule < Msf::Auxiliary
24 24
       'References'    =>
25 25
         [
26 26
           [ 'CVE', '2010-0738' ], # using a VERB other than GET/POST
27
+          [ 'OSVDB', '64171' ],
27 28
           [ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],
28 29
           [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ]
29 30
         ],

+ 1
- 0
modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'References'    =>
24 24
         [
25 25
           [ 'CVE', '2010-0738' ], # using a VERB other than GET/POST
26
+          [ 'OSVDB', '64171' ],
26 27
           [ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],
27 28
           [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ]
28 29
         ],

+ 1
- 0
modules/auxiliary/admin/http/jboss_seam_exec.rb View File

@@ -31,6 +31,7 @@ class MetasploitModule < Msf::Auxiliary
31 31
       'References'      =>
32 32
         [
33 33
           [ 'CVE', '2010-1871' ],
34
+          [ 'OSVDB', '66881']
34 35
         ],
35 36
       'DefaultTarget'  => 0,
36 37
       'DisclosureDate' => 'Jul 19 2010'))

+ 1
- 0
modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'License'         => MSF_LICENSE,
24 24
       'References'      =>
25 25
         [
26
+          [ 'OSVDB', '89912' ],
26 27
           [ 'BID', '57760' ],
27 28
           [ 'EDB', '24475' ],
28 29
           [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-004' ]

+ 1
- 0
modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'References'      =>
28 28
         [
29 29
           [ 'EDB', '31758' ],
30
+          [ 'OSVDB', '103521' ],
30 31
           [ 'URL', 'http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/' ] # a huge amount of details about this vulnerability and the original exploit
31 32
         ],
32 33
       'DisclosureDate' => 'Feb 19 2014'))

+ 1
- 0
modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb View File

@@ -33,6 +33,7 @@ class MetasploitModule < Msf::Auxiliary
33 33
           [ 'URL', 'http://www.s3cur1ty.de/attacking-linksys-wrt54gl' ],
34 34
           [ 'EDB', '24202' ],
35 35
           [ 'BID', '57459' ],
36
+          [ 'OSVDB', '89421' ]
36 37
         ],
37 38
       'DefaultTarget'  => 0,
38 39
       'DisclosureDate' => 'Jan 18 2013'))

+ 1
- 0
modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'References'   =>
27 27
         [
28 28
           ['CVE', '2014-7862'],
29
+          ['OSVDB', '116554'],
29 30
           ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/2'],
30 31
           ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt'],
31 32
         ],

+ 1
- 0
modules/auxiliary/admin/http/manageengine_dir_listing.rb View File

@@ -35,6 +35,7 @@ class MetasploitModule < Msf::Auxiliary
35 35
       'References'     =>
36 36
         [
37 37
           ['CVE', '2014-7863'],
38
+          ['OSVDB', '117696'],
38 39
           ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114'],
39 40
           ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_failservlet.txt']
40 41
         ],

+ 1
- 0
modules/auxiliary/admin/http/manageengine_file_download.rb View File

@@ -33,6 +33,7 @@ class MetasploitModule < Msf::Auxiliary
33 33
       'References'     =>
34 34
         [
35 35
           ['CVE', '2014-7863'],
36
+          ['OSVDB', '117695'],
36 37
           ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114'],
37 38
           ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_failservlet.txt']
38 39
         ],

+ 1
- 0
modules/auxiliary/admin/http/manageengine_pmp_privesc.rb View File

@@ -33,6 +33,7 @@ class MetasploitModule < Msf::Auxiliary
33 33
       'References' =>
34 34
         [
35 35
           [ 'CVE', '2014-8499' ],
36
+          [ 'OSVDB', '114485' ],
36 37
           [ 'URL', 'http://seclists.org/fulldisclosure/2014/Nov/18' ],
37 38
           [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_pmp_privesc.txt' ],
38 39
         ],

+ 1
- 0
modules/auxiliary/admin/http/netflow_file_download.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'References'     =>
28 28
         [
29 29
           [ 'CVE', '2014-5445' ],
30
+          [ 'OSVDB', '115340' ],
30 31
           [ 'URL', 'http://seclists.org/fulldisclosure/2014/Dec/9' ],
31 32
           [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_netflow_it360_file_dl.txt' ]
32 33
         ],

+ 1
- 0
modules/auxiliary/admin/http/netgear_soap_password_extractor.rb View File

@@ -32,6 +32,7 @@ class MetasploitModule < Msf::Auxiliary
32 32
       'References'  =>
33 33
         [
34 34
           [ 'BID', '72640' ],
35
+          [ 'OSVDB', '118316' ],
35 36
           [ 'URL', 'https://github.com/darkarnium/secpub/tree/master/NetGear/SOAPWNDR' ]
36 37
         ],
37 38
       'Author'      =>

+ 1
- 0
modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'References'     =>
27 27
         [
28 28
           [ 'CVE', '2011-2750' ],
29
+          [ 'OSVDB', '73729' ],
29 30
           [ 'URL', 'http://aluigi.org/adv/nfr_2-adv.txt'],
30 31
         ]
31 32
       ))

+ 1
- 0
modules/auxiliary/admin/http/openbravo_xxe.rb View File

@@ -30,6 +30,7 @@ class MetasploitModule < Msf::Auxiliary
30 30
       'References' =>
31 31
         [
32 32
           ['CVE', '2013-3617'],
33
+          ['OSVDB', '99141'],
33 34
           ['BID', '63431'],
34 35
           ['URL', 'https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats']
35 36
         ],

+ 1
- 0
modules/auxiliary/admin/http/rails_devise_pass_reset.rb View File

@@ -38,6 +38,7 @@ class MetasploitModule < Msf::Auxiliary
38 38
       'References'     =>
39 39
         [
40 40
           [ 'CVE', '2013-0233'],
41
+          [ 'OSVDB', '89642' ],
41 42
           [ 'BID', '57577' ],
42 43
           [ 'URL', 'http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/'],
43 44
           [ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html'],

+ 1
- 0
modules/auxiliary/admin/http/scrutinizer_add_user.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
       'References'     =>
21 21
         [
22 22
           [ 'CVE', '2012-2626' ],
23
+          [ 'OSVDB', '84318' ],
23 24
           [ 'URL', 'https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt' ]
24 25
         ],
25 26
       'Author'         =>

+ 1
- 0
modules/auxiliary/admin/http/sophos_wpa_traversal.rb View File

@@ -28,6 +28,7 @@ class MetasploitModule < Msf::Auxiliary
28 28
       'References'  =>
29 29
         [
30 30
           [ 'CVE', '2013-2641' ],
31
+          [ 'OSVDB', '91953' ],
31 32
           [ 'BID', '58833' ],
32 33
           [ 'EDB', '24932' ],
33 34
           [ 'URL', 'http://www.sophos.com/en-us/support/knowledgebase/118969.aspx' ],

+ 1
- 0
modules/auxiliary/admin/http/tomcat_utf8_traversal.rb View File

@@ -28,6 +28,7 @@ class MetasploitModule < Msf::Auxiliary
28 28
       'References'  =>
29 29
         [
30 30
           [ 'URL', 'http://tomcat.apache.org/' ],
31
+          [ 'OSVDB', '47464' ],
31 32
           [ 'CVE', '2008-2938' ],
32 33
           [ 'URL', 'http://www.securityfocus.com/archive/1/499926' ],
33 34
         ],

+ 2
- 0
modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb View File

@@ -25,6 +25,8 @@ class MetasploitModule < Msf::Auxiliary
25 25
       'References'  =>
26 26
         [
27 27
           [ 'URL', 'http://tomcat.apache.org/' ],
28
+          [ 'OSVDB', '47464' ],
29
+          [ 'OSVDB', '73447' ],
28 30
           [ 'CVE', '2008-2938' ],
29 31
           [ 'URL', 'http://www.securityfocus.com/archive/1/499926' ],
30 32
           [ 'EDB', '17388' ],

+ 1
- 0
modules/auxiliary/admin/http/typo3_sa_2009_001.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
       },
21 21
       'References'     =>
22 22
         [
23
+          ['OSVDB', '51536'],
23 24
           ['URL', 'http://blog.c22.cc/advisories/typo3-sa-2009-001'],
24 25
           ['URL', 'http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/'],
25 26
         ],

+ 1
- 0
modules/auxiliary/admin/http/typo3_sa_2009_002.rb View File

@@ -22,6 +22,7 @@ class MetasploitModule < Msf::Auxiliary
22 22
       'License'        => MSF_LICENSE,
23 23
       'References'     =>
24 24
         [
25
+          ['OSVDB', '52048'],
25 26
           ['CVE', '2009-0815'],
26 27
           ['URL', 'http://secunia.com/advisories/33829/'],
27 28
           ['EDB', '8038'],

+ 1
- 0
modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'References'     =>
28 28
         [
29 29
           [ 'URL', 'http://blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html'],
30
+          [ 'OSVDB', '98370' ],
30 31
           [ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5']
31 32
         ],
32 33
       'DisclosureDate' => 'Oct 09 2013'))

+ 1
- 0
modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb View File

@@ -32,6 +32,7 @@ class MetasploitModule < Msf::Auxiliary
32 32
         [
33 33
           ['CVE', '2014-6324'],
34 34
           ['MSB', 'MS14-068'],
35
+          ['OSVDB', '114751'],
35 36
           ['URL', 'http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx'],
36 37
           ['URL', 'https://labs.mwrinfosecurity.com/blog/2014/12/16/digging-into-ms14-068-exploitation-and-defence/'],
37 38
           ['URL', 'https://github.com/bidord/pykek'],

+ 1
- 0
modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb View File

@@ -21,6 +21,7 @@ class MetasploitModule < Msf::Auxiliary
21 21
       'License'        => MSF_LICENSE,
22 22
       'References'     =>
23 23
         [
24
+          ['OSVDB', '40210' ],
24 25
           ['BID', '27206'],
25 26
           ['CVE', '2008-0244'],
26 27
         ],

+ 1
- 0
modules/auxiliary/admin/misc/sercomm_dump_config.rb View File

@@ -52,6 +52,7 @@ class MetasploitModule < Msf::Auxiliary
52 52
         ],
53 53
       'References'     =>
54 54
         [
55
+          [ 'OSVDB', '101653' ],
55 56
           [ 'URL', 'https://github.com/elvanderb/TCP-32764' ]
56 57
         ],
57 58
       'DisclosureDate' => "Dec 31 2013" ))

+ 1
- 0
modules/auxiliary/admin/motorola/wr850g_cred.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'License'        => MSF_LICENSE,
24 24
       'References'     => [
25 25
           [ 'CVE', '2004-1550' ],
26
+          [ 'OSVDB', '10232' ],
26 27
           [ 'URL', 'http://seclists.org/bugtraq/2004/Sep/0339.html'],
27 28
       ],
28 29
       'DisclosureDate' => 'Sep 24 2004'))

+ 1
- 0
modules/auxiliary/admin/ms/ms08_059_his2006.rb View File

@@ -25,6 +25,7 @@ class MetasploitModule < Msf::Auxiliary
25 25
         [
26 26
           [ 'MSB', 'MS08-059' ],
27 27
           [ 'CVE', '2008-3466' ],
28
+          [ 'OSVDB', '49068' ],
28 29
           [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745' ],
29 30
         ],
30 31
       'DisclosureDate' => 'Oct 14 2008'))

+ 1
- 0
modules/auxiliary/admin/officescan/tmlisten_traversal.rb View File

@@ -21,6 +21,7 @@ class MetasploitModule < Msf::Auxiliary
21 21
       },
22 22
       'References'  =>
23 23
         [
24
+          [ 'OSVDB', '48730' ],
24 25
           [ 'CVE', '2008-2439' ],
25 26
           [ 'BID', '31531' ],
26 27
           [ 'URL', 'http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt' ],

+ 1
- 0
modules/auxiliary/admin/oracle/osb_execqr.rb View File

@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
20 20
       'References'     =>
21 21
         [
22 22
           [ 'CVE', '2008-5448' ],
23
+          [ 'OSVDB', '51342' ],
23 24
           [ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html' ],
24 25
           [ 'ZDI', '09-003' ],
25 26
         ],

+ 2
- 0
modules/auxiliary/admin/oracle/osb_execqr2.rb View File

@@ -23,7 +23,9 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'References'     =>
24 24
         [
25 25
           [ 'CVE', '2009-1977' ],
26
+          [ 'OSVDB', '55903' ],
26 27
           [ 'CVE', '2009-1978' ],
28
+          [ 'OSVDB', '55904' ],
27 29
           [ 'ZDI', '09-058' ],
28 30
           [ 'ZDI', '09-059' ],
29 31
         ],

+ 1
- 0
modules/auxiliary/admin/oracle/osb_execqr3.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'References'     =>
24 24
         [
25 25
           [ 'CVE', '2010-0904' ],
26
+          [ 'OSVDB', '66338'],
26 27
           [ 'ZDI', '10-118' ],
27 28
         ],
28 29
       'DisclosureDate' => 'Jul 13 2010'))

+ 1
- 0
modules/auxiliary/admin/pop2/uw_fileretrieval.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'License'        => MSF_LICENSE,
27 27
       'References'     =>
28 28
         [
29
+          [ 'OSVDB', '368' ],
29 30
           [ 'BID', '1484' ],
30 31
         ],
31 32
       'DisclosureDate' => 'Jul 14 2000'))

+ 1
- 0
modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb View File

@@ -24,6 +24,7 @@ class MetasploitModule < Msf::Auxiliary
24 24
       'License'         => MSF_LICENSE,
25 25
       'References'      =>
26 26
         [
27
+          [ 'OSVDB', '92704' ],
27 28
           [ 'EDB', '24963' ],
28 29
           [ 'URL', 'http://erpscan.com/wp-content/uploads/2012/11/Breaking-SAP-Portal-HackerHalted-2012.pdf']
29 30
         ],

+ 1
- 0
modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb View File

@@ -25,6 +25,7 @@ class MetasploitModule < Msf::Auxiliary
25 25
         [
26 26
           [ 'CVE', '2014-0763' ],
27 27
           [ 'ZDI', '14-077' ],
28
+          [ 'OSVDB', '105572' ],
28 29
           [ 'BID', '66740' ],
29 30
           [ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03' ]
30 31
         ],

+ 1
- 0
modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb View File

@@ -28,6 +28,7 @@ class MetasploitModule < Msf::Auxiliary
28 28
       'References'  =>
29 29
         [
30 30
           [ 'CVE', '2013-0653' ],
31
+          [ 'OSVDB', '89490' ],
31 32
           [ 'BID', '57505' ],
32 33
           [ 'URL', 'http://ics-cert.us-cert.gov/advisories/ICSA-13-022-02' ]
33 34
         ],

+ 1
- 0
modules/auxiliary/admin/serverprotect/file.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
       'References'     =>
30 30
         [
31 31
           [ 'CVE', '2007-6507' ],
32
+          [ 'OSVDB', '44318' ],
32 33
           [ 'ZDI', '07-077'],
33 34
         ],
34 35
       'Actions'        =>

+ 1
- 0
modules/auxiliary/admin/smb/psexec_command.rb View File

@@ -34,6 +34,7 @@ class MetasploitModule < Msf::Auxiliary
34 34
       'License'        => MSF_LICENSE,
35 35
       'References'     => [
36 36
         [ 'CVE', '1999-0504'], # Administrator with no password (since this is the default)
37
+        [ 'OSVDB', '3106'],
37 38
         [ 'URL', 'http://www.accuvant.com/blog/2012/11/13/owning-computers-without-shell-access' ],
38 39
         [ 'URL', 'http://sourceforge.net/projects/smbexec/' ],
39 40
         [ 'URL', 'http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx' ]

+ 1
- 0
modules/auxiliary/admin/smb/samba_symlink_traversal.rb View File

@@ -34,6 +34,7 @@ class MetasploitModule < Msf::Auxiliary
34 34
         ],
35 35
       'References'  =>
36 36
         [
37
+          ['OSVDB', '62145'],
37 38
           ['URL', 'http://www.samba.org/samba/news/symlink_attack.html']
38 39
         ],
39 40
       'License'     => MSF_LICENSE

+ 1
- 0
modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb View File

@@ -32,6 +32,7 @@ class MetasploitModule < Msf::Auxiliary
32 32
       'References'     =>
33 33
         [
34 34
           ['CVE', '2003-0027'],
35
+          ['OSVDB', '8201'],
35 36
           ['BID', '6665'],
36 37
           ['URL', 'http://marc.info/?l=bugtraq&m=104326556329850&w=2']
37 38
         ],

+ 1
- 0
modules/auxiliary/admin/tikiwiki/tikidblib.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'License'        => MSF_LICENSE,
24 24
       'References'     =>
25 25
         [
26
+          ['OSVDB', '30172'],
26 27
           ['BID', '20858'],
27 28
           ['CVE', '2006-5702'],
28 29
           ['URL', 'http://secunia.com/advisories/22678/'],

+ 1
- 0
modules/auxiliary/admin/vnc/realvnc_41_bypass.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
       'References'     =>
30 30
         [
31 31
           ['BID', '17978'],
32
+          ['OSVDB', '25479'],
32 33
           ['URL', 'http://secunia.com/advisories/20107/'],
33 34
           ['CVE', '2006-2369'],
34 35
         ],

+ 1
- 0
modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'License'        => MSF_LICENSE,
27 27
       'References'     =>
28 28
         [
29
+          ['OSVDB', '66842'],
29 30
           ['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
30 31
           ['US-CERT-VU', '362332']
31 32
         ]

+ 1
- 0
modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'License'        => MSF_LICENSE,
27 27
       'References'     =>
28 28
         [
29
+          ['OSVDB', '66842'],
29 30
           ['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
30 31
           ['US-CERT-VU', '362332']
31 32
         ]

+ 1
- 0
modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb View File

@@ -21,6 +21,7 @@ class MetasploitModule < Msf::Auxiliary
21 21
       'License'        => MSF_LICENSE,
22 22
       'References'     =>
23 23
         [
24
+          ['OSVDB', '66842'],
24 25
           ['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
25 26
           ['US-CERT-VU', '362332']
26 27
         ],

+ 1
- 0
modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'License'        => MSF_LICENSE,
24 24
       'References'     =>
25 25
         [
26
+          ['OSVDB', '66842'],
26 27
           ['URL', 'http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html'],
27 28
           ['US-CERT-VU', '362332']
28 29
         ],

+ 1
- 0
modules/auxiliary/admin/webmin/edit_html_fileaccess.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'License'        => MSF_LICENSE,
28 28
       'References'     =>
29 29
         [
30
+          ['OSVDB', '85247'],
30 31
           ['BID', '55446'],
31 32
           ['CVE', '2012-2983'],
32 33
           ['URL', 'http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf'],

+ 1
- 0
modules/auxiliary/admin/webmin/file_disclosure.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'License'        => MSF_LICENSE,
27 27
       'References'     =>
28 28
         [
29
+          ['OSVDB', '26772'],
29 30
           ['BID', '18744'],
30 31
           ['CVE', '2006-3392'],
31 32
           ['US-CERT-VU', '999601'],

+ 1
- 0
modules/auxiliary/admin/zend/java_bridge.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
       'License'        => MSF_LICENSE,
24 24
       'References'     =>
25 25
         [
26
+          [ 'OSVDB', '71420'],
26 27
           [ 'ZDI', '11-113' ],
27 28
           [ 'EDB', '17078' ],
28 29
         ],

+ 1
- 0
modules/auxiliary/dos/cisco/ios_http_percentpercent.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
         [
28 28
           [ 'BID', '1154'],
29 29
           [ 'CVE', '2000-0380'],
30
+          [ 'OSVDB', '1302' ],
30 31
         ],
31 32
       'DisclosureDate' => 'Apr 26 2000'))
32 33
 

+ 1
- 0
modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
       'References'    =>
30 30
         [
31 31
           [ 'CVE', '2010-2156' ],
32
+          [ 'OSVDB', '65246'],
32 33
           [ 'EDB', '14185']
33 34
         ]
34 35
     )

+ 1
- 0
modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb View File

@@ -24,6 +24,7 @@ class MetasploitModule < Msf::Auxiliary
24 24
       'References'     =>
25 25
         [
26 26
           [ 'BID', '16838' ],
27
+          [ 'OSVDB', '23511' ],
27 28
           [ 'CVE', '2006-0900' ],
28 29
         ]))
29 30
 

+ 1
- 0
modules/auxiliary/dos/hp/data_protector_rds.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'References'  =>
28 28
         [
29 29
           [ 'CVE', '2011-0514' ],
30
+          [ 'OSVDB', '70617' ],
30 31
           [ 'EDB', '15940' ],
31 32
         ],
32 33
       'DisclosureDate' => 'Jan 8 2011' ))

+ 1
- 0
modules/auxiliary/dos/http/3com_superstack_switch.rb View File

@@ -28,6 +28,7 @@ class MetasploitModule < Msf::Auxiliary
28 28
       'References'     =>
29 29
         [
30 30
           # patrickw - I am not sure if these are correct, but the closest match!
31
+          [ 'OSVDB', '7246' ],
31 32
           [ 'CVE', '2004-2691' ],
32 33
           [ 'URL', 'http://support.3com.com/infodeli/tools/switches/dna1695-0aaa17.pdf' ],
33 34
         ],

+ 1
- 0
modules/auxiliary/dos/http/apache_mod_isapi.rb View File

@@ -44,6 +44,7 @@ class MetasploitModule < Msf::Auxiliary
44 44
       'References'     =>
45 45
         [
46 46
           [ 'CVE', '2010-0425' ],
47
+          [ 'OSVDB', '62674'],
47 48
           [ 'BID', '38494' ],
48 49
           [ 'URL', 'https://issues.apache.org/bugzilla/show_bug.cgi?id=48509' ],
49 50
           [ 'URL', 'http://www.gossamer-threads.com/lists/apache/cvs/381537' ],

+ 1
- 0
modules/auxiliary/dos/http/apache_range_dos.rb View File

@@ -40,6 +40,7 @@ class MetasploitModule < Msf::Auxiliary
40 40
           [ 'BID', '49303'],
41 41
           [ 'CVE', '2011-3192'],
42 42
           [ 'EDB', '17696'],
43
+          [ 'OSVDB', '74721' ],
43 44
         ],
44 45
       'DisclosureDate' => 'Aug 19 2011'
45 46
     ))

+ 1
- 0
modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
       'References'     =>
30 30
         [
31 31
           [ 'CVE', '2010-2227' ],
32
+          [ 'OSVDB', '66319' ],
32 33
           [ 'BID', '41544' ]
33 34
         ],
34 35
       'DisclosureDate' => 'Jul 09 2010'))

+ 1
- 0
modules/auxiliary/dos/http/dell_openmanage_post.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
         [
30 30
           [ 'URL', 'http://archives.neohapsis.com/archives/bugtraq/2004-02/0650.html' ],
31 31
           [ 'BID', '9750' ],
32
+          [ 'OSVDB', '4077' ],
32 33
           [ 'CVE', '2004-0331' ],
33 34
         ],
34 35
       'DisclosureDate' => 'Feb 26 2004'))

+ 1
- 0
modules/auxiliary/dos/http/monkey_headers.rb View File

@@ -25,6 +25,7 @@ class MetasploitModule < Msf::Auxiliary
25 25
       'References'     =>
26 26
         [
27 27
           ['CVE', '2013-3843'],
28
+          ['OSVDB', '93853'],
28 29
           ['BID', '60333']
29 30
         ],
30 31
       'DisclosureDate' => 'May 30 2013'))

+ 1
- 0
modules/auxiliary/dos/http/nodejs_pipelining.rb View File

@@ -30,6 +30,7 @@ class MetasploitModule < Msf::Auxiliary
30 30
       'References'     =>
31 31
         [
32 32
           [ 'CVE', '2013-4450' ],
33
+          [ 'OSVDB', '98724' ],
33 34
           [ 'BID' , '63229' ],
34 35
           [ 'URL', 'http://blog.nodejs.org/2013/10/22/cve-2013-4450-http-server-pipeline-flood-dos' ]
35 36
         ],

+ 1
- 0
modules/auxiliary/dos/http/rails_action_view.rb View File

@@ -30,6 +30,7 @@ class MetasploitModule < Msf::Auxiliary
30 30
       'References'     =>
31 31
         [
32 32
           [ 'CVE', '2013-6414' ],
33
+          [ 'OSVDB', '100525' ],
33 34
           [ 'BID', '64074' ],
34 35
           [ 'URL', 'http://seclists.org/oss-sec/2013/q4/400' ],
35 36
           [ 'URL', 'https://github.com/rails/rails/commit/bee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068' ]

+ 1
- 0
modules/auxiliary/dos/http/rails_json_float_dos.rb View File

@@ -30,6 +30,7 @@ class MetasploitModule < Msf::Auxiliary
30 30
       'References'     =>
31 31
         [
32 32
           [ 'CVE', '2013-4164' ],
33
+          [ 'OSVDB', '100113' ],
33 34
           [ 'URL', 'https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/' ]
34 35
         ],
35 36
       'DisclosureDate' => 'Nov 22 2013'))

+ 1
- 0
modules/auxiliary/dos/http/sonicwall_ssl_format.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'References'     => [
27 27
         [ 'BID', '35145' ],
28 28
         #[ 'CVE', '' ], # no CVE?
29
+        [ 'OSVDB', '54881' ],
29 30
         [ 'URL', 'http://www.aushack.com/200905-sonicwall.txt' ],
30 31
       ],
31 32
       'DisclosureDate' => 'May 29 2009'))

+ 1
- 0
modules/auxiliary/dos/http/webrick_regex.rb View File

@@ -24,6 +24,7 @@ class MetasploitModule < Msf::Auxiliary
24 24
       'References'     => [
25 25
         [ 'BID', '30644'],
26 26
         [ 'CVE', '2008-3656'],
27
+        [ 'OSVDB', '47471' ],
27 28
         [ 'URL', 'http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/']
28 29
       ],
29 30
       'DisclosureDate' => 'Aug 08 2008'))

+ 1
- 0
modules/auxiliary/dos/http/wordpress_long_password_dos.rb View File

@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
27 27
       'References'      =>
28 28
         [
29 29
           ['URL', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034'],
30
+          ['OSVDB', '114857'],
30 31
           ['WPVDB', '7681']
31 32
         ],
32 33
       'DisclosureDate'  => 'Nov 20 2014'

+ 1
- 0
modules/auxiliary/dos/mdns/avahi_portzero.rb View File

@@ -21,6 +21,7 @@ class MetasploitModule < Msf::Auxiliary
21 21
       'License'     => MSF_LICENSE,
22 22
       'References'  => [
23 23
         [ 'CVE', '2008-5081' ],
24
+        [ 'OSVDB', '50929' ],
24 25
       ],
25 26
       'DisclosureDate' => 'Nov 14 2008')
26 27
 

+ 1
- 0
modules/auxiliary/dos/misc/dopewars.rb View File

@@ -22,6 +22,7 @@ class MetasploitModule < Msf::Auxiliary
22 22
       'References'	 =>
23 23
         [
24 24
           [ 'CVE', '2009-3591' ],
25
+          [ 'OSVDB', '58884' ],
25 26
           [ 'BID', '36606' ]
26 27
         ],
27 28
       'DisclosureDate' => "Oct 05 2009" ))

+ 1
- 0
modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb View File

@@ -45,6 +45,7 @@ class MetasploitModule < Msf::Auxiliary
45 45
       'References'   =>
46 46
         [
47 47
           [ 'CVE', '2013-3986' ],
48
+          [ 'OSVDB', '99552' ],
48 49
           [ 'BID', '63611'],
49 50
           [ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21654041' ],
50 51
           [ 'URL', 'http://xforce.iss.net/xforce/xfdb/84969' ]

+ 1
- 0
modules/auxiliary/dos/misc/ibm_tsm_dos.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       'References'     =>
27 27
         [
28 28
           ['EDB', '38979'],
29
+          ['OSVDB', '132307']
29 30
         ],
30 31
       'DisclosureDate' => "Dec 15 2015",
31 32
     ))

+ 1
- 0
modules/auxiliary/dos/misc/memcached.rb View File

@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
23 23
         [
24 24
           [ 'URL', 'https://code.google.com/p/memcached/issues/detail?id=192' ],
25 25
           [ 'CVE', '2011-4971' ],
26
+          [ 'OSVDB', '92867' ]
26 27
         ],
27 28
       'Author'       => [ 'Gregory Man <man.gregory[at]gmail.com>' ],
28 29
       'License'      => MSF_LICENSE

+ 1
- 0
modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb View File

@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
29 29
         [
30 30
           [ 'BID', '37255' ],
31 31
           [ 'CVE', '2009-3563' ],
32
+          [ 'OSVDB', '60847' ],
32 33
           [ 'URL', 'https://support.ntp.org/bugs/show_bug.cgi?id=1331' ]
33 34
         ],
34 35
       'DisclosureDate' => 'Oct 04 2009'))

+ 1
- 0
modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb View File

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
26 26
       [
27 27
         [ 'BID', '5807' ],
28 28
         [ 'CVE', '2002-1214' ],
29
+        [ 'OSVDB', '13422' ],
29 30
         [ 'MSB', 'MS02-063' ],
30 31
       ],
31 32
       'DisclosureDate' => 'Sep 26 2002'))

+ 0
- 0
modules/auxiliary/dos/samba/lsa_addprivs_heap.rb View File


Some files were not shown because too many files changed in this diff

Loading…
Cancel
Save