This module exploits an Integer Overflow in module sxssrv of CSRSS to produce an integer overflow and generate a Denial of Service
This module exploits a Zoho ManageEngine Password Manager Pro present in the org.apache.xmlrpc.parser.XmlRpcRequestParser class of Zoho ManageEngine Password Manager Pro. The deployed agent will run with SYSTEM privileges.
This module triggers a null pointer dereference vulnerability in the SMB service by sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod. Chained with a deserialization vulnerability present in the ADF Faces framework to deploy an agent in the system running Oracle Access Manager.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
This module uses ioctls to produce an integer overflow and generate a Denial of Service