This module exploits a server-side template injection vulnerability present in the customError.ftl filter of VMware Workspace ONE Access. The deployed agent will run with horizon user privileges.
This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module uses an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader in Spring MVC and Spring WebFlux applications in order to upload and execute a JSP file in the Tomcat virtual file system webapps directory.
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
This module exploits a Deserialization vulnerability present in the OpenssoEngineController component of Oracle Access Manager.
The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.
This module exploits an authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate. Then a file upload present in ExecuteUploadManagerPerformUpload is used to copy the Web.config file to the Webapp root foler in order to extract the machineKey values to create a ysoserial.NET payload to execute commands. The deployed agent will run with the privileges of the "IIS Worker Process" process (NT AUTHORITY\\NETWORK SERVICE).
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the same privileges than the user account that ran Solr Server. This exploit will fail if the target system has jdk8u191 or newer.