This module exploits a path traversal vulnerability present in the accountID parameter of the doPost method of com.ilient.server.UserEntry class to deploy an agent. The vulnerability is used to upload a WAR file inside a subdirectory of the web server's root directory to deploy an agent. The deployed agent will run with the same privileges than the SysAid webapp.
This module exploits a path traversal vulnerability present in the accountID parameter of the doPost method of com.ilient.server.UserEntry class to deploy an agent. The vulnerability is used to upload a WAR file inside a subdirectory of the web server's root directory to deploy an agent. The deployed agent will run with the same privileges than the SysAid webapp.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits a .NET deserialization vulnerability in the Ad hoc Transfer Module of Progress WS_FTP Server. The vulnerability is in the DeserializeProcessor function of the MyFileUpload.UploadManager class.
This module exploits a .NET deserialization vulnerability in the Ad hoc Transfer Module of Progress WS_FTP Server. The vulnerability is in the DeserializeProcessor function of the MyFileUpload.UploadManager class.
This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.
This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.