This update adds the capability to escalate privileges for python agents running on IBM i through Object Authority on User Profile

This module exploits a design flaw in Microsoft Windows. The NTLM reflection attack in local authentication allows a local attacker to write arbitrary files and get SYSTEM privileges.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

This module verifies the Mark Of The Web Vulnerability.



Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. This module allows us to deploy an agent in a remote vulnerable target.

Windows Backup Service allows an unprivileged user to delete files.



This Update removes the Early Release Tag, change the default file to be deleted and make a backup of the file before deleting it.

Windows Backup Service allows an unprivileged user to delete files.

A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This module allows to create a user with root privileges.

This update exploits a deserialization vulnerability in SerializationTypeConverter when converting powershell remoting objects to execute OS commands as SYSTEM.