An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects.
This module exploits a vulnerability in FreeBSD. The sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
Multiple vulnerabilities in Cisco AnyConnect Posture for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.
This module exploits a OS Command Injection via ASP.NET markup vulnerability present in the WikiContentWebpart Web Part of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module exploits a deserialization vulnerability present in WebParts object via TypeConverters of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module exploits a deserialization vulnerability present in the DataSet object of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module exploits a server side include vulnerability present in CreateChildControls of Microsoft.SharePoint.WebPartPages.DataFormWebPart class of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module uses an unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server to upload and execute a java class file to gain arbitrary code execution on the affected system.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands. By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.