The 'recentVersion' explude_ip parameter in the discoveries endpoint is vulnerable to OS Command Injection, this module exploits this vulneravility in order to install an agent
This module exploits an OS command injection vulnerability in Artica Pandora FMS. The lack of sanitisation for the input of the Events function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.
This module exploits a deserialization vulnerability present in the BrowserNavigationCorrector class of Microsoft SQL Server Reporting Services to deploy an agent. The deployed agent will run with the Report Server service account privileges.
This module exploits a deserialization vulnerability in the Microsoft Exchange Control Panel. The lack of randomization in the validationKey and decryptionKey values allows an attacker to create a crafted viewstate to execute OS commands an deploy an agent. The deployed agent will run with SYSTEM privileges.
This module exploits an OS command injection vulnerability in Kinetica. The lack of sanitisation for the input of the getLogs function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.
This module exploits an unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php. Also, this module exploits an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php.
This module exploits a javascript command injection vulnerability in Kibana, in the Timelion application.
This module exploits an OS command injection vulnerability in Apache Solr, via the Velocity Template.
An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. The attacker must have network access to the Oracle Weblogic Server T3 interface.
This module exploits a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. The ContactAdministrators action doesn't require authentication but it's not enabled by default. The SendBulkMail does require authentication and the "JIRA Administrators" access level.