This module exploits an OS command injection vulnerability present in the ChangePasswordAction function.
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts.
This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.
This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.
This module exploits a java deserialization vulnerability present in the CewolfRenderer servlet. Also, this module exploits a blind XXE vulnerability present in the ProcessTrackingListener class.
This module exploits a java deserialization vulnerability present in the CewolfRenderer servlet. Also, this module exploits a blind XXE vulnerability present in the ProcessTrackingListener class.