Impact | Core Security

This module triggers a heap-based buffer overflow vulnerability in the DHCP service by sending a malformed DHCPv6 Relay-forward message.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserGetUsersWithEmailAddress function of UserEngine class. The deployed agent will run with moveitsvc user privileges.

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

A vulnerability in Oracle WebLogic Server (component: Core) which can be exploited through the T3/IIOP protocol network, which transfers information between WebLogic servers and other Java programs. This vulnerability found in Oracle WebLogic Server can lead to remote code execution.

This module exploits a custom java bean validator to deploy an agent in VMware Workspace ONE Access. The vulnerability is in the validateClaimRuleCondition function of ClaimTransformationHelper class. The deployed agent will run with horizon user privileges.

A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.

Subscribe to Impact

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum