This issue allows unauthenticated users to execute arbitrary commands on the server due to a command injection vulnerability in the `cmd_realtime.php` file. The vulnerability arises when the `register_argc_argv` option of PHP is enabled, which is the default setting in many environments. The `$poller_id` used in command execution is sourced from `$_SERVER['argv']`, which can be manipulated through URLs when this option is enabled. This module exploits this vulnerability sending a special request to 'cmd_realtime.php' that sets $_SERVER['argv'] into an os command.
An SQL injection vulnerability in F5 BIG-IP Next Central Manager may allow unauthenticated remote attackers to bypass authentication in the target application.
The CVE-2024-24401 vulnerability in Nagios XI version 2024R1.01 allows a remote attacker to execute arbitrary code through an SQL injection in the monitoringwizard.php component. Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected system. The CVE-2024-24402 vulnerability affects Nagios XI version 2024R1.01, enabling a remote attacker to escalate privileges via a crafted script targeting the /usr/local/nagios/bin/npcd component. This flaw could allow unauthorized attackers to gain elevated privileges on affected systems, compromising the integrity and security of the Nagios XI monitoring system and connected infrastructure.
This update improves the module description and messages in the Module Output panel.
An elevation of privilege vulnerability exists due to the MS KS WOW Thunk kernel module allowing untrusted pointer dereference. The vulnerability could allow an attacker to run code with elevated privileges.
An authentication bypass in Palo Alto Networks PAN-OS software(CVE-2024-0012) enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions. A privilege escalation vulnerability in Palo Alto Networks PAN-OS software(CVE-2024-9474) allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. This module exploits these two vulnerabilities CVE-2024-0012 and CVE-2024-9474 in order to deploy an agent. The exploit does the following steps: Send a request containing a header parameter for authentication bypass(CVE-2024-0012) to inject a command within a 'user' request body parameter(CVE-2024-9474) and receive an elevated user session ID in the response, whereby the injected command is written to a local session cache file. Send a request with the elevated session ID to trigger evaluation of the injected local session cache file. Repeat the process with all the necessary commands to deploy an agent.
This module exploits CVE-2024-5910 to reset the password of the admin. For doing this, it will craft a special request to the endpoint /OS/startup/restore/restoreAdmin.php. After getting the admin password, it will authenticate with the admin credentials and it will exploit CVE-2024-9464 in order to deploy an agent. The exploitation of CVE-2024-9464 consists in crafting a special request to the endpoint /bin/CronJobs.php. As an authenticated user we can abuse this endpoint for inserting commands in the table cronjobs from pandb. After inserting the command into this table, the target will execute it.
A vulnerability in Kernel Streaming (ks.sys driver) allows arbitrary IOCTL_KS_PROPERTY operations. A double fetch vulnerability in KspPropertyHandler, can be used to gain system privileges.
CVE-2023-43208 stems from an insecure data deserialization process in Mirth Connect's use of the XStream library, which improperly processes untrusted XML payloads.This deserialization flaw enables us to exploit the system by sending crafted XML requests to execute code remotely on the server.
A chain of vulnerabilities in Arcserve Unified Data Protection allows unauthenticated remote attackers to execute system commands.