This module chains 3 vulnerabilities to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The first vulnerability is an authentication bypass vulnerability present in OAuth2TokenResourceController Access Control Service (ACS). The second vulnerability a JDBC Injection in DBConnectionCheckController dbCheck that allow to execute remote system commands. The third vulnerability is a local privilege escalation using the publishCaCert.hzn and gatherConfig.hzn scripts.
This module exploits a Zoho ManageEngine Password Manager Pro present in the org.apache.xmlrpc.parser.XmlRpcRequestParser class of Zoho ManageEngine Password Manager Pro. The deployed agent will run with SYSTEM privileges.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod. Chained with a deserialization vulnerability present in the ADF Faces framework to deploy an agent in the system running Oracle Access Manager.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution
This module exploits a OGNL injection vulnerability present in the xwork jar file of Atlassian Confluence. The deployed agent will run with the confluence user privileges in linux and with NT AUTHORITY\\NETWORK SERVICE in windows.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
This module exploits a server-side template injection vulnerability present in the customError.ftl filter of VMware Workspace ONE Access. The deployed agent will run with horizon user privileges.