An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution
This module exploits a OGNL injection vulnerability present in the xwork jar file of Atlassian Confluence. The deployed agent will run with the confluence user privileges in linux and with NT AUTHORITY\\NETWORK SERVICE in windows.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
This module uses ioctls to produce an integer overflow and generate a Denial of Service
This module crashes the target machine producing a blue screen by sending a malformed PPTP packet.
This module exploits a server-side template injection vulnerability present in the customError.ftl filter of VMware Workspace ONE Access. The deployed agent will run with horizon user privileges.
This module exploits a server-side template injection vulnerability present in the customError.ftl filter of VMware Workspace ONE Access. The deployed agent will run with horizon user privileges.
This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module uses an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader in Spring MVC and Spring WebFlux applications in order to upload and execute a JSP file in the Tomcat virtual file system webapps directory.