This module exploits a .NET deserialization vulnerability in the Ad hoc Transfer Module of Progress WS_FTP Server. The vulnerability is in the DeserializeProcessor function of the MyFileUpload.UploadManager class.

The vulnerability exists due to application does not properly impose security restrictions in Windows File History Service, which leads to security restrictions bypass and privilege escalation and allows a local user to escalate privileges to NT AUTHORITY\SYSTEM.

This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.

This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.

This vulnerability allows remote attackers to execute arbitrary code on installations of Ivanti Avalanche, which can be exploited by malicious people to compromise a vulnerable system. Ivanti Avalanche is prone to a buffer-overflow vulnerability when handling a large amount of data, this can trigger an overflow in a finite-sized internal memory buffer.

The vulnerability exists due to application does not properly impose security restrictions in Windows Error Reporting Service, which leads to security restrictions bypass and privilege escalation and allows a local user (non included in Administrator group) to escalate privileges to NT AUTHORITY\SYSTEM.

In WinRAR versions prior to 6.23, there is a vulnerability that allows attackers to execute arbitrary code. This vulnerability occurs when a user tries to open a harmless file within a ZIP archive. The issue arises when the ZIP archive contains a benign file, such as a regular .PDF file, and also a folder with the same name as the benign file. During an attempt to access the benign file, the contents of the folder, which may include executable content, are processed, leading to the execution of arbitrary code.

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserCheckClientCert function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserProcessPassChangeRequest function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.