Known Vulnerabilities | Core Security

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserCheckClientCert function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserProcessPassChangeRequest function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits an CL Command Injection in IBM i DDM Service to upload an agent as a .zip file to a writable directory using printf commands in a QSHell session. Then another QSHell session is used to execute it and then remove the zip file.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserGetUsersWithEmailAddress function of UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits a custom java bean validator to deploy an agent in VMware Workspace ONE Access. The vulnerability is in the validateClaimRuleCondition function of ClaimTransformationHelper class. The deployed agent will run with horizon user privileges.

This module exploits an OS command injection vulnerability present in the ChangePasswordAction function.

Subscribe to Known Vulnerabilities

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum