The BITS service exposes functionality that allows low-privileged users to write arbitrary files and elevate system privileges.
The update functionality of the Cisco AnyConnect Secure Mobility Client for Windows is affected by a path traversal vulnerability that allows local attackers to create/overwrite files on arbitrary locations and gain system privileges with an uncontolled serach path vulnerability.
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapLockedPages and MmBuildMdlForNonPagedPool.
A stack-based buffer overflow in WECON LeviStudioU allows an attacker to execute arbitrary code via crafted .XML file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Eaton HMISoft is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .VU3 document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a deserialization vulnerability present in the BrowserNavigationCorrector class of Microsoft SQL Server Reporting Services to deploy an agent. The deployed agent will run with the Report Server service account privileges.
This module exploits a deserialization vulnerability in the Microsoft Exchange Control Panel. The lack of randomization in the validationKey and decryptionKey values allows an attacker to create a crafted viewstate to execute OS commands an deploy an agent. The deployed agent will run with SYSTEM privileges.
This module exploits an OS command injection vulnerability in Kinetica. The lack of sanitisation for the input of the getLogs function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.
This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory. The deployed agent will run with SYSTEM or ROOT privileges.