This module verifies the Mark Of The Web Vulnerability.



Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

A SMB1 Client with write access to a share can cause server memory contents to be written into a file or printer.

JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by IBM DB2 Web Query for IBM i, allows unauthenticated attackers to execute system commands.

Atlassian Questions for Confluence creates a Confluence user account with the username disabledsystemuser.

The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default

A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.

A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

A new update was created in order to eliminate the necessity of passing a NetBIOS name as parameter instead of an IP address.

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. This module tries to determine remotely, if the target host is either vulnerable to CVE-2020-1472 or not.

This module will send various malformed messages over ssl to the target service in order to detect a discrepancy between the server's responses, if this is the case, it will mark said target as vulnerable to this kind of attacks (ROBOT attack)