This module exploits an OS command injection vulnerability present in the validateClaimRuleCondition function of ClaimTransformationHelper class of VMware Workspace ONE Access.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM.
This module exploits an OS command injection vulnerability present in the ChangePasswordAction function of Zoho ManageEngine ADManager Plus.
The Common Log File System Driver (clfs.sys) present in Microsoft Windows is vulnerable to a memory corruption vulnerability. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by creating a specially crafted base log file.
A vulnerability in the Backup Service of Veeam Backup and Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
This update adds a module that checks the vulnerability and retrieves all the credentials and another module to deploy an agent.
This update adds a module that checks the vulnerability and retrieves all the credentials and another module to deploy an agent.
This module exploits an information disclosure vulnerability, a remote file download vulnerability and a directory traversal vulnerability in VMware vRealize Log Insight to deploy an agent with root privileges.
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.
The cause of the vulnerability is due to the lack of a strict bounds check for the SignaturesOffset field in the Base Block for the base log file (BLF) in CLFS.sys. This issue can lead to a Privilege Escalation.This version adds support for Windows 10 and some Windows servers.
The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary memory overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver.