An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as.
This vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents. This could expose sensitive information and compromise the integrity of the system. This exploit does not install any agent.
This module triggers a memory corruption vulnerability in the Event Log Service by sending a malformed packet. A remote attacker can use it to stop the recording of events from important software, leaving no traces. For example, an attacker who installs an agent on a domain-joined workstation can remotely stop the domain controller's Event Log service.
Oracle WebLogic Server is prone to a remotely exploitable Java deserialization vulnerability. By exploiting known methods, the module establishes a remote connection to the RMI Registry and loads a UnicastRef Object. This manipulation allows for the execution of system commands, enabling remote code execution on the targeted host. The bypass technique involves changing the RMI interface type to java.rmi.activation.Activator.
This module uses an improper authorization vulnerability in Atlassian Confluence to replace the database contents and create a new admin user in the target system. The created admin account is then used to upload a Servlet plugin JAR file to deploy an agent. The deployed agent will run with the same privileges as the Confluence instance.
This module uses a broken access control vulnerability via the SafeParametersInterceptor class in Atlassian Confluence to create a new admin user in the target system using the provided credentials. If no credentials are provided, it will generate random ones. This admin account is then used to upload a Servlet plugin JAR file to deploy an agent. The deployed agent will run with the same privileges as the Confluence instance.
Arcserve UDP Agent from version 7.0 to 9.0 allows authentication bypass. The method getVersionInfo in WebServiceImpl/services/FlashServiceImpl exposes the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. It is also possible to obtain administrator credentials. Also, the credentials of the Arcserve UDP Agent are added as an identity. This module tries to determine remotely whether the target host is vulnerable to CVE-2023-26258.
This vulnerability allows remote attackers to execute arbitrary code on installations of Ivanti Avalanche, which can be exploited by malicious people to compromise a vulnerable system. Ivanti Avalanche is prone to a buffer-overflow vulnerability when handling a large amount of data; this can trigger an overflow in a finite-sized internal memory buffer.
This exploit uses a format stack buffer overflow located in the rlprd ns_aaa_gwtest_get_event_and_target_names() function to install an agent. The deployed agent will run with root user privileges.
This module triggers a heap-based buffer overflow vulnerability in the DHCP service by sending a malformed DHCPv6 Relay-forward message.