Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
This module crashes the target machine producing a blue screen by sending a malformed PPTP packet.
This module exploits a default credentials on Raspberry pi because it has default username and password.
This module uses a reverse proxy bypass vulnerability to access restricted endpoints as declared in the analytics-proxy.conf file. Also, it uses an unauthenticated file upload vulnerability present in the DataAppAgentController class, when using the action=collect parameter. The deployed agent will run with root privileges.
The vulnerability has been dubbed PrintNightmare and is tracked as CVE-2021-34527. The flaw is due to the Windows Print Spooler service improperly performing privileged file operations. Microsoft says the flaw can be exploited by an authenticated user calling RpcAddPrinterDriverEx(). When exploited, an attacker gains SYSTEM privileges and can execute arbitrary code, install programs, view, change, or delete data or create new accounts with full user rights.
This module crashes the target machine producing a blue screen by sending a malformed HTTP packet.
This module uses an unauthenticated file upload vulnerability via uploadova plugin in VMware vCenter Server to upload and extract a TAR file. This TAR file contains a path traversal that allows writing files at arbitraries locations. In the vulnerable 6.5.X and 6.7.X (build 13010631 and lower) versions of VMware vCenter Server, a JSP file is deployed to gain arbitrary code execution. In the vulnerable 6.7.X (build 13643870 and greater) and 7.X versions, a file with public keys are uploaded to the vsphere-ui user home directory and then used to deploy an agent via SSH. Notice that in 6.7.X versions SSH access is disabled by default.
SolarWinds Orion is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands. Using the lack of permissions that the Collector Service set on its private queues, it is possible to remotely send messages that will be deserialized allowing to execute commands as SYSTEM.
A remote code execution vulnerability exists in Windows when the DNS Server component fails to properly handle certain types of request.
This module uses an unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server to upload and execute a java class file to gain arbitrary code execution on the affected system.