Unauthenticated OS command injection in the evictPublishedSupportBundles function of the ScriptUtils class in VMware Aria Operations for Networks (aka vRealize Network Insight)
The vulnerability exists because the application does not properly impose security restrictions in the Windows Error Reporting Service, which leads to a security restrictions bypass and privilege escalation and allows a local user (not included in the Administrators group) to escalate privileges to NT AUTHORITY\SYSTEM.
This version adds BOF support.
A critical vulnerability, identified and cataloged as CVE-2023-38831, has been discovered. This vulnerability allows attackers to create modified RAR or ZIP archives that contain both harmless files and malicious ones. The malicious files are typically scripts located within a folder that shares the same name as the harmless file.
WinRAR RCE in versions before 6.23
An SQL Injection Vulnerability in Progress MOVEit Transfer allows unauthenticated remote attackers to execute system commands.
This module exploits a remote stack-based buffer overflow in Wavelink Avalanche Manager by sending a malformed packet to port 1777/TCP.
An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges.
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. This module exploits this in order to achieve LPE.
A stack buffer overflow in the ns_aaa_gwtest_get_event_and_target_names function of the nsppe process allows an unauthenticated attacker to execute system commands as root via a specially crafted HTTP GET request.
A Java deserialization vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs in the context of the root user account.