Skip to content

Commit 0ee4415

Browse files
msjenkins-r7msjenkins-r7
committed
automatic module_metadata_base.json update
1 parent 8e2dbbb commit 0ee4415

File tree

1 file changed

+101
-22
lines changed

1 file changed

+101
-22
lines changed

db/modules_metadata_base.json

Lines changed: 101 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -54968,7 +54968,7 @@
5496854968
],
5496954969
"platform": "",
5497054970
"arch": "",
54971-
"rport": null,
54971+
"rport": 445,
5497254972
"autofilter_ports": [
5497354973
139,
5497454974
445
@@ -54978,7 +54978,7 @@
5497854978
"microsoft-ds"
5497954979
],
5498054980
"targets": null,
54981-
"mod_time": "2024-02-02 14:26:43 +0000",
54981+
"mod_time": "2024-09-17 09:59:42 +0000",
5498254982
"path": "/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb",
5498354983
"is_install_path": true,
5498454984
"ref_name": "scanner/smb/smb_enumusers_domain",
@@ -63477,7 +63477,7 @@
6347763477

6347863478
],
6347963479
"platform": "All",
63480-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
63480+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
6348163481
"rport": null,
6348263482
"autofilter_ports": null,
6348363483
"autofilter_services": null,
@@ -63511,7 +63511,7 @@
6351163511

6351263512
],
6351363513
"platform": "All",
63514-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
63514+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
6351563515
"rport": null,
6351663516
"autofilter_ports": null,
6351763517
"autofilter_services": null,
@@ -82530,6 +82530,71 @@
8253082530
"session_types": false,
8253182531
"needs_cleanup": null
8253282532
},
82533+
"exploit_linux/http/traccar_rce_upload": {
82534+
"name": "Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)",
82535+
"fullname": "exploit/linux/http/traccar_rce_upload",
82536+
"aliases": [
82537+
82538+
],
82539+
"rank": 600,
82540+
"disclosure_date": "2024-08-23",
82541+
"type": "exploit",
82542+
"author": [
82543+
"Michael Heinzl",
82544+
"yiliufeng168",
82545+
"Naveen Sunkavally"
82546+
],
82547+
"description": "Remote Code Execution in Traccar v5.1 - v5.12.\n Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability (CVE-2024-24809) and an unrestricted file upload vulnerability (CVE-2024-31214).\n By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise.\n This module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.",
82548+
"references": [
82549+
"URL-https://github.com/traccar/traccar/security/advisories/GHSA-vhrw-72f6-gwp5",
82550+
"URL-https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9",
82551+
"URL-https://www.horizon3.ai/attack-research/disclosures/traccar-5-remote-code-execution-vulnerabilities/",
82552+
"CVE-2024-31214",
82553+
"CVE-2024-24809"
82554+
],
82555+
"platform": "Linux",
82556+
"arch": "cmd",
82557+
"rport": 8082,
82558+
"autofilter_ports": [
82559+
80,
82560+
8080,
82561+
443,
82562+
8000,
82563+
8888,
82564+
8880,
82565+
8008,
82566+
3000,
82567+
8443
82568+
],
82569+
"autofilter_services": [
82570+
"http",
82571+
"https"
82572+
],
82573+
"targets": [
82574+
"Linux Command"
82575+
],
82576+
"mod_time": "2024-09-23 18:12:01 +0000",
82577+
"path": "/modules/exploits/linux/http/traccar_rce_upload.rb",
82578+
"is_install_path": true,
82579+
"ref_name": "linux/http/traccar_rce_upload",
82580+
"check": true,
82581+
"post_auth": true,
82582+
"default_credential": false,
82583+
"notes": {
82584+
"Stability": [
82585+
"crash-safe"
82586+
],
82587+
"Reliability": [
82588+
"event-dependent"
82589+
],
82590+
"SideEffects": [
82591+
"ioc-in-logs",
82592+
"config-changes"
82593+
]
82594+
},
82595+
"session_types": false,
82596+
"needs_cleanup": true
82597+
},
8253382598
"exploit_linux/http/trend_micro_imsva_exec": {
8253482599
"name": "Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution",
8253582600
"fullname": "exploit/linux/http/trend_micro_imsva_exec",
@@ -98129,7 +98194,7 @@
9812998194
"URL-https://www.youtube.com/watch?v=mkX3dO6KN54"
9813098195
],
9813198196
"platform": "Android,Apple_iOS,BSD,Java,JavaScript,Linux,Mainframe,Multi,NodeJS,OSX,PHP,Python,Ruby,Solaris,Unix,Windows",
98132-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
98197+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
9813398198
"rport": null,
9813498199
"autofilter_ports": [
9813598200

@@ -98171,7 +98236,7 @@
9817198236

9817298237
],
9817398238
"platform": "Android,Apple_iOS,BSD,Java,JavaScript,Linux,Mainframe,Multi,NodeJS,OSX,PHP,Python,Ruby,Solaris,Unix,Windows",
98174-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
98239+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
9817598240
"rport": null,
9817698241
"autofilter_ports": [
9817798242

@@ -116342,7 +116407,7 @@
116342116407
"URL-https://www.virtualbox.org/manual/ch04.html#sharedfolders"
116343116408
],
116344116409
"platform": "Ruby",
116345-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
116410+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
116346116411
"rport": null,
116347116412
"autofilter_ports": [
116348116413

@@ -202561,7 +202626,7 @@
202561202626
"URL-https://www.sempervictus.com/single-post/a-serial-case-of-air-on-the-side-channel"
202562202627
],
202563202628
"platform": "Unix",
202564-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
202629+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
202565202630
"rport": null,
202566202631
"autofilter_ports": null,
202567202632
"autofilter_services": null,
@@ -232395,7 +232460,7 @@
232395232460

232396232461
],
232397232462
"platform": "All",
232398-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
232463+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
232399232464
"rport": null,
232400232465
"autofilter_ports": null,
232401232466
"autofilter_services": null,
@@ -232467,7 +232532,7 @@
232467232532
"URL-https://www.sempervictus.com/single-post/once-upon-a-cloudy-air-i-crossed-a-gap-which-wasn-t-there"
232468232533
],
232469232534
"platform": "All",
232470-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
232535+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
232471232536
"rport": null,
232472232537
"autofilter_ports": null,
232473232538
"autofilter_services": null,
@@ -232503,7 +232568,7 @@
232503232568

232504232569
],
232505232570
"platform": "All",
232506-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
232571+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
232507232572
"rport": null,
232508232573
"autofilter_ports": null,
232509232574
"autofilter_services": null,
@@ -232539,7 +232604,7 @@
232539232604

232540232605
],
232541232606
"platform": "All",
232542-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
232607+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
232543232608
"rport": null,
232544232609
"autofilter_ports": null,
232545232610
"autofilter_services": null,
@@ -232575,7 +232640,7 @@
232575232640

232576232641
],
232577232642
"platform": "All",
232578-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
232643+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
232579232644
"rport": null,
232580232645
"autofilter_ports": null,
232581232646
"autofilter_services": null,
@@ -237350,7 +237415,7 @@
237350237415

237351237416
],
237352237417
"platform": "Multi",
237353-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
237418+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
237354237419
"rport": null,
237355237420
"autofilter_ports": null,
237356237421
"autofilter_services": null,
@@ -237388,7 +237453,7 @@
237388237453

237389237454
],
237390237455
"platform": "Multi",
237391-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
237456+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
237392237457
"rport": null,
237393237458
"autofilter_ports": null,
237394237459
"autofilter_services": null,
@@ -256490,7 +256555,7 @@
256490256555
"autofilter_ports": null,
256491256556
"autofilter_services": null,
256492256557
"targets": null,
256493-
"mod_time": "2023-02-08 13:47:34 +0000",
256558+
"mod_time": "2024-08-13 15:51:09 +0000",
256494256559
"path": "/modules/post/linux/manage/pseudo_shell.rb",
256495256560
"is_install_path": true,
256496256561
"ref_name": "linux/manage/pseudo_shell",
@@ -259304,30 +259369,40 @@
259304259369
"aliases": [
259305259370

259306259371
],
259307-
"rank": 300,
259372+
"rank": 600,
259308259373
"disclosure_date": null,
259309259374
"type": "post",
259310259375
"author": [
259311-
"Eliott Teissonniere"
259376+
"Eliott Teissonniere",
259377+
"Julien Voisin"
259312259378
],
259313259379
"description": "This module allows you to turn on or off the screensaver of the target computer and also\n lock the current session.",
259314259380
"references": [
259315-
259381+
"URL-https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7530"
259316259382
],
259317-
"platform": "Linux,OSX,Windows",
259383+
"platform": "Linux,OSX,Solaris,Unix,Windows",
259318259384
"arch": "",
259319259385
"rport": null,
259320259386
"autofilter_ports": null,
259321259387
"autofilter_services": null,
259322259388
"targets": null,
259323-
"mod_time": "2023-02-08 13:47:34 +0000",
259389+
"mod_time": "2024-09-09 16:49:21 +0000",
259324259390
"path": "/modules/post/multi/manage/screensaver.rb",
259325259391
"is_install_path": true,
259326259392
"ref_name": "multi/manage/screensaver",
259327259393
"check": false,
259328259394
"post_auth": false,
259329259395
"default_credential": false,
259330259396
"notes": {
259397+
"Reliability": [
259398+
259399+
],
259400+
"Stability": [
259401+
259402+
],
259403+
"SideEffects": [
259404+
259405+
]
259331259406
},
259332259407
"session_types": [
259333259408
"shell",
@@ -259346,6 +259421,10 @@
259346259421
{
259347259422
"name": "STOP",
259348259423
"description": "Stop the screensaver, user may be prompted for its password"
259424+
},
259425+
{
259426+
"name": "UNLOCK",
259427+
"description": "Unlock the current session"
259349259428
}
259350259429
]
259351259430
},
@@ -260321,7 +260400,7 @@
260321260400
"URL-https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp"
260322260401
],
260323260402
"platform": "OSX",
260324-
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r",
260403+
"arch": "x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64",
260325260404
"rport": null,
260326260405
"autofilter_ports": null,
260327260406
"autofilter_services": null,

0 commit comments

Comments
 (0)