This module exploits a deserialization vulnerability present in WebParts object via TypeConverters of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module exploits a deserialization vulnerability present in the DataSet object of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module exploits a server side include vulnerability present in CreateChildControls of Microsoft.SharePoint.WebPartPages.DataFormWebPart class of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
This module uses an unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server to upload and execute a java class file to gain arbitrary code execution on the affected system.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands. By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.
Oracle Coherence (Caching, CacheStore and Invocation Components) is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the Coherence port via T3 protocol to invoke the extract method of the ReflectionExtractor class, which allows the execution of system commands. ExtractorComparator class is used to access ReflectionExtractor class, a bypass for the original patch for CVE-2020-2555.
Multiple stack buffer overflows were found in the MSI AmbientLink MsIo64 driver when processing IoControlCode (IOCTL) 0x80102040, 0x80102044, 0x80102050, 0x80102054. Local attackers, including low integrity processes, can exploit these vulnerabilities and consequently gain NT AUTHORITY\SYSTEM privileges.
An elevation of privilege vulnerability exists in Windows when the DNS Server component fails to properly handle certain types of request.
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapIoSpace().
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.