A vulnerability in Oracle WebLogic Server (component: Core) which can be exploited through the T3/IIOP protocol network, which transfers information between WebLogic servers and other Java programs. This vulnerability found in Oracle WebLogic Server can lead to remote code execution.
This module crashes the MSMQ service by sending a malformed UserMessage packet which triggers an integer overflow vulnerability.
This module crashes the target machine producing a blue screen by sending a malformed HTTP packet.
This module triggers a null pointer dereference vulnerability in the SMB service by sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session.
Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution
This module crashes the target machine producing a blue screen by sending a malformed PPTP packet.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with the same privileges than the user account that ran Apache James on Windows systems. This exploit will fail if the target system has jdk11.0.1 or newer.
This module exploits a default credentials on Raspberry pi because it has default username and password.
This module uses a reverse proxy bypass vulnerability to access restricted endpoints as declared in the analytics-proxy.conf file. Also, it uses an unauthenticated file upload vulnerability present in the DataAppAgentController class, when using the action=collect parameter. The deployed agent will run with root privileges.