A java unsafe reflection vulnerability present in Gremlin scripting feature of Apache HugeGraph allows remote attackers to execute system commands in the context of the affected application. This module exploits the vulnerability by sending scripts to the vulnerable endpoint (/gremlin) that bypasses the checks made by the callFromWorkerWithClass function. The bypass consist in changing the current thread name to something else than doesn't contain "gremlin-server-exec" nor "task-worker".

A java unsafe reflection vulnerability present in Gremlin scripting feature of Apache HugeGraph allows remote attackers to execute system commands in the context of the affected application. This module exploits the vulnerability by sending scripts to the vulnerable endpoint (/gremlin) that bypasses the checks made by the callFromWorkerWithClass function. The bypass consist in changing the current thread name to something else than doesn't contain "gremlin-server-exec" nor "task-worker".

Wordpress POST SMPT Plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

This module exploits a OGNL injection vulnerability present in the text-inline.vm file of Atlassian Confluence. The deployed agent will run with the confluence user privileges in linux and with NT AUTHORITY\\NETWORK SERVICE in windows.

Wordpress Ultimate Member Plugin allows to unauthenticated users to add admin members on a website.

This module exploits a Java deserialization vulnerability via Openwire protocol by sending a crafted payload as a throwable class type. The deployed agent will run with the same user account privileges as the Apache ActiveMQ application.

This module exploits a java deserialization vulnerability present in InternalClusterController class that is reachable via several endpoints of VMware Aria Operations for Logs. The deployed agent will run with root privileges.

A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.

A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.

This module exploits the unauthenticated endpoint of the Backup Service in Veeam Backup and Replication. The deployed agent will run with the privileges of the "SQL Server" process (NT AUTHORITY\\SYSTEM).