automatic module_metadata_base.json update

Author: jenkins-metasploit

db/modules_metadata_base.json

@@ -57846,7 +57846,7 @@
       "Narendra Shinde",
       "Zack Flack <[email protected]>"
     ],
-    "description": "WARNING: Successful execution of this module results in /etc/passwd being overwritten.\n\n        This module is a port of the OpenBSD X11 Xorg exploit to run on AIX.\n\n        A permission check flaw exists for -modulepath and -logfile options when\n        starting Xorg.  This allows unprivileged users that can start the server\n        the ability to elevate privileges and run arbitrary code under root\n        privileges.\n\n        This module has been tested with AIX 7.1 and 7.2, and should also work with 6.1.\n        Due to permission restrictions of the crontab in AIX, this module does not use cron,\n        and instead overwrites /etc/passwd in order to create a new user with root privileges.\n        All currently logged in users need to be included when /etc/passwd is overwritten,\n        else AIX will throw 'Cannot get \"LOGNAME\" variable' when attempting to change user.\n        The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX,\n        and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when\n        overwriting /etc/passwd.",
+    "description": "WARNING: Successful execution of this module results in /etc/passwd being overwritten.\n\n          This module is a port of the OpenBSD X11 Xorg exploit to run on AIX.\n\n          A permission check flaw exists for -modulepath and -logfile options when\n          starting Xorg.  This allows unprivileged users that can start the server\n          the ability to elevate privileges and run arbitrary code under root\n          privileges.\n\n          This module has been tested with AIX 7.1 and 7.2, and should also work with 6.1.\n          Due to permission restrictions of the crontab in AIX, this module does not use cron,\n          and instead overwrites /etc/passwd in order to create a new user with root privileges.\n          All currently logged in users need to be included when /etc/passwd is overwritten,\n          else AIX will throw 'Cannot get \"LOGNAME\" variable' when attempting to change user.\n          The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX,\n          and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when\n          overwriting /etc/passwd.",
     "references": [
       "CVE-2018-14665",
       "URL-https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html",
@@ -57864,7 +57864,7 @@
       "IBM AIX Version 7.1",
       "IBM AIX Version 7.2"
     ],
-    "mod_time": "2021-02-17 12:33:59 +0000",
+    "mod_time": "2025-04-18 01:17:56 +0000",
     "path": "/modules/exploits/aix/local/xorg_x11_server.rb",
     "is_install_path": true,
     "ref_name": "aix/local/xorg_x11_server",
@@ -57873,7 +57873,14 @@
     "default_credential": false,
     "notes": {
       "SideEffects": [
-        "config-changes"
+        "config-changes",
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "unreliable-session"
+      ],
+      "Stability": [
+        "crash-service-down"
       ]
     },
     "session_types": [
@@ -57893,7 +57900,7 @@
       "Rodrigo Rubira Branco (BSDaemon)",
       "jduck <[email protected]>"
     ],
-    "description": "This module exploits a buffer overflow vulnerability in opcode 21 handled by\n        rpc.cmsd on AIX. By making a request with a long string passed to the first\n        argument of the \"rtable_create\" RPC, a stack based buffer overflow occurs. This\n        leads to arbitrary code execution.\n\n        NOTE: Unsuccessful attempts may cause inetd/portmapper to enter a state where\n        further attempts are not possible.",
+    "description": "This module exploits a buffer overflow vulnerability in opcode 21 handled by\n          rpc.cmsd on AIX. By making a request with a long string passed to the first\n          argument of the \"rtable_create\" RPC, a stack based buffer overflow occurs. This\n          leads to arbitrary code execution.\n\n          NOTE: Unsuccessful attempts may cause inetd/portmapper to enter a state where\n          further attempts are not possible.",
     "references": [
       "CVE-2009-3699",
       "OSVDB-58726",
@@ -57909,14 +57916,24 @@
     "targets": [
       "IBM AIX Version 5.1"
     ],
-    "mod_time": "2023-03-28 18:15:26 +0000",
+    "mod_time": "2025-04-18 01:17:56 +0000",
     "path": "/modules/exploits/aix/rpc_cmsd_opcode21.rb",
     "is_install_path": true,
     "ref_name": "aix/rpc_cmsd_opcode21",
     "check": false,
     "post_auth": false,
     "default_credential": false,
-    "notes": {},
+    "notes": {
+      "Reliability": [
+        "unreliable-session"
+      ],
+      "Stability": [
+        "crash-service-restarts"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
     "session_types": false,
     "needs_cleanup": null
   },
@@ -57931,7 +57948,7 @@
       "Ramon de C Valle <[email protected]>",
       "Adriano Lima <[email protected]>"
     ],
-    "description": "This module exploits a buffer overflow vulnerability in _tt_internal_realpath\n        function of the ToolTalk database server (rpc.ttdbserverd).",
+    "description": "This module exploits a buffer overflow vulnerability in _tt_internal_realpath\n          function of the ToolTalk database server (rpc.ttdbserverd).",
     "references": [
       "CVE-2009-2727",
       "OSVDB-55151"
@@ -57955,14 +57972,24 @@
       "Debug IBM AIX Version 6.1",
       "Debug IBM AIX Version 5.3"
     ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2025-04-18 01:17:56 +0000",
     "path": "/modules/exploits/aix/rpc_ttdbserverd_realpath.rb",
     "is_install_path": true,
     "ref_name": "aix/rpc_ttdbserverd_realpath",
     "check": false,
     "post_auth": false,
     "default_credential": false,
-    "notes": {},
+    "notes": {
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "Stability": [
+        "crash-service-restarts"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
     "session_types": false,
     "needs_cleanup": null
   },
@@ -58728,7 +58755,7 @@
       "skape <[email protected]>",
       "trew"
     ],
-    "description": "This is an exploit for an undisclosed buffer overflow\n        in the SoftCart.exe CGI as shipped with Mercantec's shopping\n        cart software.  It is possible to execute arbitrary code\n        by passing a malformed CGI parameter in an HTTP GET\n        request.  This issue is known to affect SoftCart version\n        4.00b.",
+    "description": "This is an exploit for an undisclosed buffer overflow\n          in the SoftCart.exe CGI as shipped with Mercantec's shopping\n          cart software.  It is possible to execute arbitrary code\n          by passing a malformed CGI parameter in an HTTP GET\n          request.  This issue is known to affect SoftCart version\n          4.00b.",
     "references": [
       "CVE-2004-2221",
       "OSVDB-9011",
@@ -58755,14 +58782,24 @@
     "targets": [
       "BSDi/4.3 Bruteforce"
     ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2025-04-18 01:31:15 +0000",
     "path": "/modules/exploits/bsdi/softcart/mercantec_softcart.rb",
     "is_install_path": true,
     "ref_name": "bsdi/softcart/mercantec_softcart",
     "check": false,
     "post_auth": false,
     "default_credential": false,
-    "notes": {},
+    "notes": {
+      "Stability": [
+        "crash-service-restarts"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
     "session_types": false,
     "needs_cleanup": null
   },
@@ -58776,14 +58813,15 @@
     "author": [
       "I)ruid <[email protected]>"
     ],
-    "description": "This exploit connects to a system's modem over dialup and exploits\n        a buffer overflow vulnerability in it's System V derived /bin/login.\n        The vulnerability is triggered by providing a large number of arguments.",
+    "description": "This exploit connects to a system's modem over dialup and exploits\n          a buffer overflow vulnerability in it's System V derived /bin/login.\n          The vulnerability is triggered by providing a large number of arguments.",
     "references": [
       "CVE-2001-0797",
       "OSVDB-690",
       "OSVDB-691",
       "BID-3681",
-      "URL-http://archives.neohapsis.com/archives/bugtraq/2002-10/0014.html",
-      "URL-http://archives.neohapsis.com/archives/bugtraq/2004-12/0404.html"
+      "URL-https://web.archive.org/web/20120114122443/http://archives.neohapsis.com/archives/bugtraq/2002-10/0014.html",
+      "URL-https://web.archive.org/web/20120114113100/http://archives.neohapsis.com/archives/bugtraq/2004-12/0404.html",
+      "URL-https://github.com/0xdea/exploits/blob/master/solaris/raptor_rlogin.c"
     ],
     "platform": "Unix",
     "arch": "tty",
@@ -58793,14 +58831,24 @@
     "targets": [
       "Solaris 2.6 - 8 (SPARC)"
     ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2025-04-18 10:49:46 +0000",
     "path": "/modules/exploits/dialup/multi/login/manyargs.rb",
     "is_install_path": true,
     "ref_name": "dialup/multi/login/manyargs",
     "check": false,
     "post_auth": false,
     "default_credential": false,
-    "notes": {},
+    "notes": {
+      "Stability": [
+        "crash-service-restarts"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
     "session_types": false,
     "needs_cleanup": null
   },
@@ -86935,7 +86983,7 @@
       "mainframed a.k.a. soldier of fortran",
       "S&Oxballs a.k.a. chiefascot"
     ],
-    "description": "(Submit JCL to z/OS via FTP and SITE FILE=JES.\n        This exploit requires valid credentials on the target system)",
+    "description": "Submit JCL to z/OS via FTP and SITE FILE=JES.\n          This exploit requires valid credentials on the target system.",
     "references": [],
     "platform": "Mainframe",
     "arch": "cmd",
@@ -86950,14 +86998,25 @@
     "targets": [
       "Automatic"
     ],
-    "mod_time": "2020-09-22 02:56:51 +0000",
+    "mod_time": "2025-04-18 01:46:06 +0000",
     "path": "/modules/exploits/mainframe/ftp/ftp_jcl_creds.rb",
     "is_install_path": true,
     "ref_name": "mainframe/ftp/ftp_jcl_creds",
     "check": true,
     "post_auth": true,
     "default_credential": false,
-    "notes": {},
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
     "session_types": false,
     "needs_cleanup": null
   },