The specific flaw exists in ELCSimulator.exe when handling specially crafted TCP packets.
Cisco Prime Infrastructure is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the xmpDataOperationRequestServlet servlet. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
Atlassian Bamboo is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By exploiting known methods, it is possible to remotely load an InvokerTransformer Java class, which allows the execution of system commands.
This module exploits a vulnerability in win32k.sys by creating special Windows menus with crafted parameters.
This module exploits a design flaw in Microsoft Windows. By spoofing NBNS responses, an unprivileged user can abuse a local HTTP->SMB credentials reflection vulnerability to install an agent. If that approach fails, on supported platforms the exploit falls back to a local WEBDAV->SMB credential reflection (MS16-075).
This module exploits a vulnerability in Microsoft Windows MRXDAV.SYS driver. This vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges in a vulnerable target.
This module exploits a vulnerability in the Linux kernel related to the netfilter target_offset field. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges.
The ioctl handler in the atkbd keyboard driver in FreeBSD is prone to a signedness error, which can lead to a buffer overflow in the kernel when processing a SETFKEY ioctl message with specially crafted values. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. In order to reach the vulnerable code in the keyboard driver, the exploit needs a virtual terminal (/dev/ttyv*) allocated for the user under which the initial agent is running. Virtual terminals are allocated when a user logs into the physical machine, as opposed to the pseudo-terminals (/dev/pts/*), which are allocated when accessing a system via an SSH shell, for example. This module can be configured to keep waiting for an accessible virtual terminal by setting the Advanced/TIME LIMIT parameter to the desired maximum number of minutes to wait.
Wireshark is prone to a vulnerability that may allow execution of riched20.dll.dll if this module is located in the same folder as the .PCAP file.
The specific flaw exists in the handling of LeviStudio Project files. By providing an overly long HmiSet Type XML attribute, an attacker can overflow a stack-based buffer and execute arbitrary code in the context of the current process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.