This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2023-22518 based on the inspection of the target's response.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits a Java deserialization vulnerability via Openwire protocol by sending a crafted payload as a throwable class type. The deployed agent will run with the same user account privileges as the Apache ActiveMQ application.
This module uses broken access control vulnerability via SafeParametersInterceptor class in Atlassian Confluence to create a new admin user in the target system using the provided credentials. If no credentials are provided, it will generate a random one. This admin account is then used to upload a Servlet plugin JAR file to deploy an agent. The deployed agent will run with the same privileges than the Confluence instance.
The mskssrv.sys driver before 10.0.22621.1 exposes functionality that allows low-privileged users to read and write arbitrary memory via specially crafted IOCTL requests and elevate system privileges.
Arcserve UDP Agent from version 7.0 to 9.0 allows authentication bypass. The method getVersionInfo in WebServiceImpl/services/FlashServiceImpl exposes the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. It is also possible to obtain administrator credentials. Also, the credentials of the ArcServe UDP Agent are added as an identity. This module tries to determine remotely, if the target host is either vulnerable to CVE-2023-26258 or not.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits a .NET deserialization vulnerability in the Ad hoc Transfer Module of Progress WS_FTP Server. The vulnerability is in the DeserializeProcessor function of the MyFileUpload.UploadManager class.