An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod. Chained with a deserialization vulnerability present in the ADF Faces framework to deploy an agent in the system running Oracle Access Manager.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
This module exploits a server-side template injection vulnerability present in the customError.ftl filter of VMware Workspace ONE Access. The deployed agent will run with horizon user privileges.
This module exploits a server-side template injection vulnerability present in the customError.ftl filter of VMware Workspace ONE Access. The deployed agent will run with horizon user privileges.
This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module uses an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader in Spring MVC and Spring WebFlux applications in order to upload and execute a JSP file in the Tomcat virtual file system webapps directory.