In WinRAR versions prior to 6.23, there is a vulnerability that allows attackers to execute arbitrary code. This vulnerability occurs when a user tries to open a harmless file within a ZIP archive. The issue arises when the ZIP archive contains a benign file, such as a regular .PDF file, and also a folder with the same name as the benign file. During an attempt to access the benign file, the contents of the folder, which may include executable content, are processed, leading to the execution of arbitrary code.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserCheckClientCert function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.
This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserProcessPassChangeRequest function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.
An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges.
This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserCheckClientCert function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.
This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserCheckClientCert function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.
This exploit uses a format stack buffer overflow located in the rlprd ns_aaa_gwtest_get_event_and_target_names() function to install an agent. The deployed agent will run with root user privileges.
This module exploits a java deserialization vulnerability present in InternalClusterController class that is reachable via several endpoints of VMware Aria Operations for Logs. The deployed agent will run with root privileges.
Foxit PDF Reader, in an oversight, exposes a JavaScript interface capable of writing arbitrary files. This mishap is what makes the software susceptible to attacks. An adversary can manipulate this vulnerability to execute code within the context of the current user, thereby gaining unauthorized control over the system. The vulnerable method is exportXFAData. This exploit will write the agent to the startup folder. This means that the user must logoff and login again in order to execute the agent.