Arcserve UDP Agent from version 7.0 to 9.0 allows authentication bypass. The method getVersionInfo in WebServiceImpl/services/FlashServiceImpl exposes the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. It is also possible to obtain administrator credentials. Also, the credentials of the ArcServe UDP Agent are added as an identity. This module tries to determine remotely, if the target host is either vulnerable to CVE-2023-26258 or not.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits a .NET deserialization vulnerability in the Ad hoc Transfer Module of Progress WS_FTP Server. The vulnerability is in the DeserializeProcessor function of the MyFileUpload.UploadManager class.
This module exploits a .NET deserialization vulnerability in the Ad hoc Transfer Module of Progress WS_FTP Server. The vulnerability is in the DeserializeProcessor function of the MyFileUpload.UploadManager class.
The vulnerability exists due to application does not properly impose security restrictions in Windows File History Service, which leads to security restrictions bypass and privilege escalation and allows a local user to escalate privileges to NT AUTHORITY\SYSTEM.
This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.
This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.
This vulnerability allows remote attackers to execute arbitrary code on installations of Ivanti Avalanche, which can be exploited by malicious people to compromise a vulnerable system. Ivanti Avalanche is prone to a buffer-overflow vulnerability when handling a large amount of data, this can trigger an overflow in a finite-sized internal memory buffer.
The vulnerability exists due to application does not properly impose security restrictions in Windows Error Reporting Service, which leads to security restrictions bypass and privilege escalation and allows a local user (non included in Administrator group) to escalate privileges to NT AUTHORITY\SYSTEM.