A directory traversal vulnerability in the /clients/MyCRL endpoint of sslvpn.full allows unauthenticated remote attackers to download system files. This module exploits the directory traversal to download the file specified in the "FILE PATH" parameter and to save it locally in the location specified in the "OUTPUT PATH" parameter.

A directory traversal vulnerability in the WebResourceServiceImpl class of org.sonatype.nexus.internal.webresources allows unauthenticated remote attackers to download any file, including system files outside of Sonatype Nexus Repository Manager application scope. This module exploits the directory traversal to download the file specified in the "FILE PATH" parameter and to save it locally in the location specified in the "OUTPUT PATH" parameter.

This module uses a server side template injection vulnerability in CrushFTP to check if the target is vulnerable to CVE-2024-4040 . If the target is vulnerable, the module will download the specified file and log several server variables.

The Cloud Files Mini Filter Driver (cldflt.sys) present in Microsoft Windows is vulnerable to a buffer overflow, which can result in out-of-bounds memory write to paged pool memory. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.

An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as

This vulnerability allows an attacker to bypass the string comparison of the request path and access the setup wizard ("/SetupWizard.aspx") even on already-configured ScreenConnect instances. By exploiting this vulnerability and gaining access to the setup wizard, an attacker can create an administrative user and upload a malicious ScreenConnect extension to achieve remote code execution (RCE) on the ScreenConnect server. The vulnerable version of the ScreenConnect program is version 23.9.7 and earlier.

This vulnerability allows an attacker to bypass the string comparison of the request path and access the setup wizard ("/SetupWizard.aspx") even on already-configured ScreenConnect instances. By exploiting this vulnerability and gaining access to the setup wizard, an attacker can create an administrative user and upload a malicious ScreenConnect extension to achieve remote code execution (RCE) on the ScreenConnect server. The vulnerable version of the ScreenConnect program is version 23.9.7 and earlier.

This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2024-21762 based on the inspection of the target's response.

This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.

This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.