The Cloud Files Mini Filter Driver (cldflt.sys) present in Microsoft Windows is vulnerable to a buffer overflow, which can result in out-of-bounds memory write to paged pool memory. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as
This vulnerability allows an attacker to bypass the string comparison of the request path and access the setup wizard ("/SetupWizard.aspx") even on already-configured ScreenConnect instances. By exploiting this vulnerability and gaining access to the setup wizard, an attacker can create an administrative user and upload a malicious ScreenConnect extension to achieve remote code execution (RCE) on the ScreenConnect server. The vulnerable version of the ScreenConnect program is version 23.9.7 and earlier.
This vulnerability allows an attacker to bypass the string comparison of the request path and access the setup wizard ("/SetupWizard.aspx") even on already-configured ScreenConnect instances. By exploiting this vulnerability and gaining access to the setup wizard, an attacker can create an administrative user and upload a malicious ScreenConnect extension to achieve remote code execution (RCE) on the ScreenConnect server. The vulnerable version of the ScreenConnect program is version 23.9.7 and earlier.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.
This vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents. This could expose sensitive information and compromise the integrity of the system. This exploit does not install any agent.
Microsoft Windows Internet Shortcut is prone to a vulnerability that may allow remote attackers to bypass the SmartScreen security feature. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user.
This exploit leverages an Information Disclosure vulnerability in Microsoft Outlook. By sending a mail crafting a malicious path, an attacker can coerce authentication to an untrusted server and steal NTLM hashes. This exploit does not install an agent, it manages to obtain the NTML hash of a legitimate user.
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.