This module exploits an authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate. A file upload present in ExecuteUploadManagerPerformUpload is then used to copy the Web.config file to the Webapp root folder in order to extract the machineKey values, which are used to create a ysoserial.NET payload that executes commands. The deployed agent will run with the privileges of the "IIS Worker Process" process (NT AUTHORITY\NETWORK SERVICE).
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the same privileges as the user account that ran Solr Server. This exploit will fail if the target system has jdk8u191 or newer.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with SYSTEM privileges on Windows systems.
Improper initialization of the flags member of the pipe buffer structure in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel could allow an unprivileged local user to write to pages in the page cache backed by read-only files and escalate privileges on the system. This module creates a new pipe buffer with the PIPE_BUF_FLAG_CAN_MERGE flag, which controls coalescing of writes into a pipe buffer and thus allows for writing to an existing page spliced into the pipe. When a file backs this spliced page, the change is reflected in the shared system-wide view of the file in memory, and any subsequent cache flush will write the manipulated data to disk, ignoring existing Linux permissions settings.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through a user namespace.
This module exploits the default credentials on Raspberry Pi, which has a default username and password.
This module exploits a heap overflow in ntfs.sys by calling the "NtQueryEaFile" function with crafted parameters.
This module exploits a path traversal vulnerability present in the getPluginAssets function of Grafana which allows an attacker to download system files through specially crafted HTTP resource requests.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the admin user account privileges.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with SYSTEM privileges on Windows systems.