This module first exploits a server side request forgery vulnerability present in Microsoft.Exchange.HttpProxy of Microsoft Exchange Server to bypass authentication. Then an arbitrary file write vulnerability present in WriteFileActivity of Microsoft.Exchange.Management.ControlPanel.DIService is used to deploy a .aspx file and execute commands. The deployed agent will run with the SYSTEM privileges.
This module exploits a path traversal vulnerability in the FortiOS SSL VPN web portal which allows an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
This module exploits a vulnerability in SaferVPN loading a malicious OpenSSL engine.
An elevation of privilege vulnerability exists in the way the Windows WalletService handles objects in memory.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system bypassing CVE-2020-1048.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.