OpenKM allows administrative users (those having the AdminRole) to run BeanShell scripts. Because of this permission, an attacker could lure an OpenKM administrator to a malicious web page that causes arbitrary OS commands to run in the administrator's OpenKM session context.
The LANDesk web application does not sufficiently verify whether a well-formed request was created by the user whose browser submitted it. Using this flaw, an external remote attacker can use a Cross-Site Request Forgery attack via a user with a LANDesk session to run arbitrary code as the gsbadmin user (the user running the web server), which has sudo privileges. Looking at /etc/sudoers, you can see that the attacker can also take down the firewall (injecting: ; sudo /subin/firewall stop into DRIVES) and load arbitrary kernel modules (injecting ; sudo /subin/modprobe /tmp/a_module), effectively taking complete control of the server. For the attack to succeed, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting an XSS in a different tab in the browser).
This module implements the SMB Relay attack to install an agent on the target machine.
This module exploits a vulnerability in win32k.sys when a crafted OTF file is opened by Internet Explorer. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
This module causes a DoS in win32k.sys when attempts are made to render a malformed embedded font. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
This module exploits a remote vulnerability in Microsoft Windows SMB client allowing the attacker to cause a DoS in the remote host.
This module exploits a vulnerability in mrxsmb.sys when it responds to the client with a malformed SMB packet.
This module sends a malformed NetBIOS packet which causes the execution of an infinite loop in the target system.
This module exploits a kernel memory corruption in win32k.sys, allowing remote attackers to restart the computer via a specially crafted EMF image file.
This module causes a DoS in win32k.sys when it attempts to render an embedded font. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.