This module uses a Privilege escalation vulnerability in QNAP Qcenter Virtual Appliance and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.
This module uses an Authentication Bypass vulnerability in Apache CouchDB and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.
PhpCollab is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.
This module uses an Authentication Bypass vulnerability in Dell EMC Data Protection Advisor and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.
Drupal is prone to an OS command injection vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the Form API Ajax Requests.
HPE Operations Orchestration Central is prone to a remote vulnerability that allows attackers to take advantage of an improper validation of user-supplied data, which can result in deserialization of untrusted data in OOHttpInvokerServiceExporter. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
Symantec Messaging Gateway is prone to an Authentication Bypass vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the RestoreAction.performRestore method. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an improper validation of user-supplied data, which can result in deserialization of untrusted data in WebDMDebugServlet. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
TrendMicro is prone to an abuse in the talker.php function to get authentication bypass, combined with the mod TMCSS user-supplied unvalidated input before using it to execute a system calls leads us to execute arbitrary code. This exploit installs an OS Agent.
This module exploits a post authentication vulnerability in pfSense by abusing the system_groupmanager.php page which allows users to get Code Execution.