An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts.
IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features are run on a Windows operating system that leverage native code. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section. The attacker must entice a victim into opening a specially crafted .hod, .bchx, .ws, .dttx and dtfx file. This file and the associated binary may be delivered to a user through remote WebDAV shares or zipped attach. An attacker may exploit this issue to execute arbitrary code.
This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.
This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.
Subscribe to Impact