This module exploits an improper privilege management in the AMD Radeon Graphics driver that allows an authenticated attacker to craft an IOCTL request to gain I/O control over virtual addresses resulting in a potential arbitrary code execution.
Oracle WebLogic Server is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, the module establishes a remote connection to the RMI Registry and loads a UnicastRef Object. This manipulation allows for the execution of system commands, enabling remote code execution on the targeted host. The bypass technique involves changing the RMI interface type to java.rmi.activation.Activator.
This module exploits a path traversal vulnerability present in the accountID parameter of the doPost method of com.ilient.server.UserEntry class to deploy an agent. The vulnerability is used to upload a WAR file inside a subdirectory of the web server's root directory to deploy an agent. The deployed agent will run with the same privileges than the SysAid webapp.
This module exploits a path traversal vulnerability present in the accountID parameter of the doPost method of com.ilient.server.UserEntry class to deploy an agent. The vulnerability is used to upload a WAR file inside a subdirectory of the web server's root directory to deploy an agent. The deployed agent will run with the same privileges than the SysAid webapp.
This module exploits an elevation of privilege vulnerability exists due to the MS KS Server kernel module allow accessing memory out of bounds. The vulnerability could allows an attacker to run code with elevated privileges.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2023-22518 based on the inspection of the target's response.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits a Java deserialization vulnerability via Openwire protocol by sending a crafted payload as a throwable class type. The deployed agent will run with the same user account privileges as the Apache ActiveMQ application.
The mskssrv.sys driver before 10.0.22621.1 exposes functionality that allows low-privileged users to read and write arbitrary memory via specially crafted IOCTL requests and elevate system privileges.
Pagination
- Previous page
- Page 17
- Next page