An SQL injection vulnerability in F5 BIG-IP Next Central Manager may allow unauthenticated remote attackers to bypass authentication in the target application. The vulnerability is reached via the /api/login endpoint. This module will use the vulnerability to retrieve the administrative user password hash.
This module exploits an issue in GitLab CE/EE that allows sending reset emails to an unverified email address. In order to takeover the account, the module will exploit the vulnerability adding the attacker's email to the JSON from /users/password endpoint, then it will connect via IMAP to the attacker's email, parse the reset email and change the password.
A SQL injection vulnerability in Fortra FileCatalyst Workflow versions 5.1.6 build 135 and earlier allows remote attackers, including anonymous ones, to exploit a SQL injection via the JOBID parameter. This could lead to unauthorized SQL commands execution such as table deletion or admin user creation. This module without authentication creates an administrative user, proceeds to authenticate with this newly created user to assess if the system is vulnerable. This module does not install an agent but instead creates an administrator user for FileCatalyst.s
This module uses a server side template injection vulnerability in CrushFTP to check if the target is vulnerable to CVE-2024-4040 . If the target is vulnerable, the module will download the specified file and log several server variables.
This vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents. This could expose sensitive information and compromise the integrity of the system. This exploit does not install any agent.
This module triggers a memory corruption vulnerability in the Event Log Service by sending a malformed packet. It can be used by a remote attacker to stop recording events of important software so will left no traces. For example, if an attacker installs an agent on a domain-joined workstation. He can remotely stop the domain controller's Event Log service.
Oracle WebLogic Server is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, the module establishes a remote connection to the RMI Registry and loads a UnicastRef Object. This manipulation allows for the execution of system commands, enabling remote code execution on the targeted host. The bypass technique involves changing the RMI interface type to java.rmi.activation.Activator.
This vulnerability allows remote attackers to execute arbitrary code on installations of Ivanti Avalanche, which can be exploited by malicious people to compromise a vulnerable system. Ivanti Avalanche is prone to a buffer-overflow vulnerability when handling a large amount of data, this can trigger an overflow in a finite-sized internal memory buffer.
This exploit uses a format stack buffer overflow located in the rlprd ns_aaa_gwtest_get_event_and_target_names() function to install an agent. The deployed agent will run with root user privileges.
This module triggers a heap-based buffer overflow vulnerability in the DHCP service by sending a malformed DHCPv6 Relay-forward message.
Pagination
- Previous page
- Page 4
- Next page