This module exploits a privilege escalation vulnerability in OrientDB by abusing SQL queries on OUser/ORole without the privileges which allows users to get Code Execution

This module exploits a Java deserialization bug in Apache Struts REST XStreamHandler which allows users to get Code Execution

This module exploits an arbitrary file upload in DotCMS to install an agent.

This module exploits a command injection vulnerability in REDDOXX Appliance to install an agent. The deployed agent will run with ROOT privileges.

This module exploits an arbitrary file upload in Trend Micro Mobile Security for Enterprise to install an agent.

This module exploits a zip file upload directory traversal in ATutor AContent to install an agent.

This module exploits a directory traversal arbitrary file upload in Schneider Electric U.Motion Builder to install an agent.

Remote Code Execution when performing file upload based on Jakarta Multipart parser.

This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors

PHPMailer is prone to a abuse the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. The attack will not leave any trace. This exploit installs an OS Agent.