Impact | Core Security

This module exploits a path traversal vulnerability present in the accountID parameter of the doPost method of com.ilient.server.UserEntry class to deploy an agent. The vulnerability is used to upload a WAR file inside a subdirectory of the web server's root directory to deploy an agent. The deployed agent will run with the same privileges than the SysAid webapp.

This module exploits an elevation of privilege vulnerability exists due to the MS KS Server kernel module allow accessing memory out of bounds. The vulnerability could allows an attacker to run code with elevated privileges.

This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2023-22518 based on the inspection of the target's response.

This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.

This module exploits a Java deserialization vulnerability via Openwire protocol by sending a crafted payload as a throwable class type. The deployed agent will run with the same user account privileges as the Apache ActiveMQ application.

The mskssrv.sys driver before 10.0.22621.1 exposes functionality that allows low-privileged users to read and write arbitrary memory via specially crafted IOCTL requests and elevate system privileges.

This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.

Subscribe to Impact

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum