This vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents. This could expose sensitive information and compromise the integrity of the system. This exploit does not install any agent.
Microsoft Windows Internet Shortcut is prone to a vulnerability that may allow remote attackers to bypass the SmartScreen security feature. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user.
This exploit leverages an Information Disclosure vulnerability in Microsoft Outlook. By sending a mail crafting a malicious path, an attacker can coerce authentication to an untrusted server and steal NTLM hashes. This exploit does not install an agent, it manages to obtain the NTML hash of a legitimate user.
This module triggers a memory corruption vulnerability in the Event Log Service by sending a malformed packet. It can be used by a remote attacker to stop recording events of important software so will left no traces. For example, if an attacker installs an agent on a domain-joined workstation. He can remotely stop the domain controller's Event Log service.
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Wordpress POST SMPT Plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
This exploit leverages an Information Disclosure vulnerability in Microsoft WordPad. The vulnerability is associated with legacy functionality to convert an OLE 1 storage object (OLESTREAM) to the new IStorage format. By crafting a file with a malicious OLE 1 LinkedObject, an attacker can coerce authentication to an untrusted server and steal NTLM hashes. This exploit does not install an agent, it manages to obtain the NTML hash of a legitimate user.
This module exploits a OGNL injection vulnerability present in the text-inline.vm file of Atlassian Confluence. The deployed agent will run with the confluence user privileges in linux and with NT AUTHORITY\\NETWORK SERVICE in windows.
The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to a double-fetch that causes an integer overflow, which can result in out-of-bounds memory write to non-paged pool memory. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by calling to the WSASendMsg function with crafted parameters.
Wordpress Ultimate Member Plugin allows to unauthenticated users to add admin members on a website.