Land rapid7#1996, references for several modules

wvu · wvu · commit 4cc1f2440db8 · 2013-06-20T11:32:55.000-05:00
diff --git a/modules/exploits/multi/browser/java_jre17_jmxbean.rb b/modules/exploits/multi/browser/java_jre17_jmxbean.rb
@@ -37,6 +37,7 @@ def initialize( info = {} )
 			'References'    =>
 				[
 					[ 'CVE', '2013-0422' ],
+					[ 'OSVDB', '89059' ],
 					[ 'US-CERT-VU', '625617' ],
 					[ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],
 					[ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ],
diff --git a/modules/exploits/multi/http/familycms_less_exec.rb b/modules/exploits/multi/http/familycms_less_exec.rb
@@ -29,6 +29,7 @@ def initialize(info={})
 				],
 			'References'     =>
 				[
+					[ 'OSVDB', '77492' ],
 					[ 'URL', 'https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/' ],
 					[ 'URL', 'http://sourceforge.net/apps/trac/fam-connections/ticket/407' ],
 					[ 'URL', 'http://rwx.biz.nf/advisories/fc_cms_rce_adv.html' ],
diff --git a/modules/exploits/multi/http/freenas_exec_raw.rb b/modules/exploits/multi/http/freenas_exec_raw.rb
@@ -27,7 +27,8 @@ def initialize(info = {})
 			'License'        => MSF_LICENSE,
 			'References'     =>
 				[
-					[ 'URL', 'http://sourceforge.net/projects/freenas/files/stable/0.7.2/NOTES%200.7.2.5543.txt/download' ],
+					[ 'OSVDB', '94441' ],
+					[ 'URL', 'http://sourceforge.net/projects/freenas/files/stable/0.7.2/NOTES%200.7.2.5543.txt/download' ]
 				],
 			'Payload'	=>
 				{
diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb
@@ -29,6 +29,7 @@ def initialize(info = {})
 			'References'  =>
 				[
 					[ 'CVE', '2010-0738' ], # by using VERB other than GET/POST
+					[ 'OSVDB', '64171' ],
 					[ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],
 					[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ],
 				],
diff --git a/modules/exploits/multi/http/mobilecartly_upload_exec.rb b/modules/exploits/multi/http/mobilecartly_upload_exec.rb
@@ -31,8 +31,9 @@ def initialize(info={})
 				],
 			'References'     =>
 				[
-					['EDB', '20422'],
-					['BID', '55399']
+					[ 'OSVDB', '85509' ],
+					[ 'EDB', '20422 '],
+					[ 'BID', '55399 ']
 				],
 			'Payload'        =>
 				{
diff --git a/modules/exploits/multi/http/movabletype_upgrade_exec.rb b/modules/exploits/multi/http/movabletype_upgrade_exec.rb
@@ -37,10 +37,11 @@ def initialize(info = {})
 				],
 			'References'     =>
 				[
-					['CVE', '2012-6315'], # superseded by CVE-2013-0209 (duplicate)
-					['CVE', '2013-0209'],
-					['URL', 'http://www.sec-1.com/blog/?p=402'],
-					['URL', 'http://www.movabletype.org/2013/01/movable_type_438_patch.html']
+					[ 'CVE', '2012-6315' ], # superseded by CVE-2013-0209 (duplicate)
+					[ 'CVE', '2013-0209' ],
+					[ 'OSVDB', '89322' ],
+					[ 'URL', 'http://www.sec-1.com/blog/?p=402' ],
+					[ 'URL', 'http://www.movabletype.org/2013/01/movable_type_438_patch.html' ]
 				],
 			'Arch'		 => ARCH_CMD,
 			'Payload'	 =>
diff --git a/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb b/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb
@@ -22,7 +22,13 @@ def initialize(info = {})
 			},
 			'Author'         => [ 'hdm' ],
 			'License'        => MSF_LICENSE,
-			'References'     => [ ['URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php'] ],
+			'References'     =>
+				[
+					[ 'CVE', '2012-5159' ],
+					[ 'OSVDB', '85739' ],
+					[ 'EDB', '21834' ],
+					[ 'URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php' ]
+				],
 			'Privileged'     => false,
 			'Payload'        =>
 				{
diff --git a/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb b/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
@@ -38,8 +38,9 @@ def initialize(info = {})
 			'License'        => MSF_LICENSE,
 			'References'  =>
 				[
-					['CVE', '2013-0156'],
-					['URL', 'https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156']
+					[ 'CVE', '2013-0156' ],
+					[ 'OSVDB', '89026' ],
+					[ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156' ]
 				],
 			'Platform'       => 'ruby',
 			'Arch'           => ARCH_RUBY,
diff --git a/modules/exploits/multi/http/testlink_upload_exec.rb b/modules/exploits/multi/http/testlink_upload_exec.rb
@@ -29,9 +29,9 @@ def initialize(info={})
 				],
 			'References'     =>
 				[
-					['URL', 'http://itsecuritysolutions.org/2012-08-13-TestLink-1.9.3-multiple-vulnerabilities/']
-					#['OSVDB', ''],
-					#['EDB',   ''],
+					[ 'OSVDB', '85446' ],
+					[ 'EDB',   '20500' ],
+					[ 'URL', 'http://itsecuritysolutions.org/2012-08-13-TestLink-1.9.3-multiple-vulnerabilities/' ]
 				],
 			'Payload'        =>
 				{
diff --git a/modules/exploits/osx/browser/safari_file_policy.rb b/modules/exploits/osx/browser/safari_file_policy.rb
@@ -39,9 +39,10 @@ def initialize(info={})
 				],
 			'References'     =>
 				[
-					['CVE', '2011-3230'],
-					['URL', 'http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html#comments'],
-					['URL', 'http://support.apple.com/kb/HT5000']
+					[ 'CVE', '2011-3230' ],
+					[ 'OSVDB', '76389' ],
+					[ 'URL', 'http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html#comments' ],
+					[ 'URL', 'http://support.apple.com/kb/HT5000' ]
 				],
 			'Payload'        =>
 				{
diff --git a/modules/exploits/osx/local/setuid_tunnelblick.rb b/modules/exploits/osx/local/setuid_tunnelblick.rb
@@ -31,6 +31,7 @@ def initialize(info={})
 				'References'     =>
 					[
 						[ 'CVE', '2012-3485' ],
+						[ 'OSVDB', '84706' ],
 						[ 'EDB', '20443' ],
 						[ 'URL', 'http://blog.zx2c4.com/791' ]
 					],

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ def initialize( info = {} )`
`37`	`37`	`'References' =>`
`38`	`38`	`[`
`39`	`39`	`[ 'CVE', '2013-0422' ],`
	`40`	`+ [ 'OSVDB', '89059' ],`
`40`	`41`	`[ 'US-CERT-VU', '625617' ],`
`41`	`42`	`[ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],`
`42`	`43`	`[ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ],`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ def initialize(info={})`
`29`	`29`	`],`
`30`	`30`	`'References' =>`
`31`	`31`	`[`
	`32`	`+ [ 'OSVDB', '77492' ],`
`32`	`33`	`[ 'URL', 'https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/' ],`
`33`	`34`	`[ 'URL', 'http://sourceforge.net/apps/trac/fam-connections/ticket/407' ],`
`34`	`35`	`[ 'URL', 'http://rwx.biz.nf/advisories/fc_cms_rce_adv.html' ],`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,8 @@ def initialize(info = {})`
`27`	`27`	`'License' => MSF_LICENSE,`
`28`	`28`	`'References' =>`
`29`	`29`	`[`
`30`		`- [ 'URL', 'http://sourceforge.net/projects/freenas/files/stable/0.7.2/NOTES%200.7.2.5543.txt/download' ],`
	`30`	`+ [ 'OSVDB', '94441' ],`
	`31`	`+ [ 'URL', 'http://sourceforge.net/projects/freenas/files/stable/0.7.2/NOTES%200.7.2.5543.txt/download' ]`
`31`	`32`	`],`
`32`	`33`	`'Payload' =>`
`33`	`34`	`{`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ def initialize(info = {})`
`29`	`29`	`'References' =>`
`30`	`30`	`[`
`31`	`31`	`[ 'CVE', '2010-0738' ], # by using VERB other than GET/POST`
	`32`	`+ [ 'OSVDB', '64171' ],`
`32`	`33`	`[ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],`
`33`	`34`	`[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ],`
`34`	`35`	`],`
Original file line number	Diff line number	Diff line change
`@@ -31,8 +31,9 @@ def initialize(info={})`
`31`	`31`	`],`
`32`	`32`	`'References' =>`
`33`	`33`	`[`
`34`		`- ['EDB', '20422'],`
`35`		`- ['BID', '55399']`
	`34`	`+ [ 'OSVDB', '85509' ],`
	`35`	`+ [ 'EDB', '20422 '],`
	`36`	`+ [ 'BID', '55399 ']`
`36`	`37`	`],`
`37`	`38`	`'Payload' =>`
`38`	`39`	`{`
Original file line number	Diff line number	Diff line change
`@@ -29,9 +29,9 @@ def initialize(info={})`
`29`	`29`	`],`
`30`	`30`	`'References' =>`
`31`	`31`	`[`
`32`		`- ['URL', 'http://itsecuritysolutions.org/2012-08-13-TestLink-1.9.3-multiple-vulnerabilities/']`
`33`		`- #['OSVDB', ''],`
`34`		`- #['EDB', ''],`
	`32`	`+ [ 'OSVDB', '85446' ],`
	`33`	`+ [ 'EDB', '20500' ],`
	`34`	`+ [ 'URL', 'http://itsecuritysolutions.org/2012-08-13-TestLink-1.9.3-multiple-vulnerabilities/' ]`
`35`	`35`	`],`
`36`	`36`	`'Payload' =>`
`37`	`37`	`{`
Original file line number	Diff line number	Diff line change
`@@ -39,9 +39,10 @@ def initialize(info={})`
`39`	`39`	`],`
`40`	`40`	`'References' =>`
`41`	`41`	`[`
`42`		`- ['CVE', '2011-3230'],`
`43`		`- ['URL', 'http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html#comments'],`
`44`		`- ['URL', 'http://support.apple.com/kb/HT5000']`
	`42`	`+ [ 'CVE', '2011-3230' ],`
	`43`	`+ [ 'OSVDB', '76389' ],`
	`44`	`+ [ 'URL', 'http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html#comments' ],`
	`45`	`+ [ 'URL', 'http://support.apple.com/kb/HT5000' ]`
`45`	`46`	`],`
`46`	`47`	`'Payload' =>`
`47`	`48`	`{`