This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a buffer overflow on Disk Pulse Formats plugin when parsing a specially crafted .XML file. After the file is downloaded, the user must open it from the application, clicking on the Command option in the menu bar (or right clicking in the middle window), then choosing Import Command ... and selecting the file.
This module uses an arbitrary file upload vulnerability, an authentication bypass (which depends on the target version) and a information disclosure vulnerability in order to upload and execute a WAR file in the Tomcat webapps folder. Since the Apache Tomcat server is running with root (SYSTEM in Windows targets) user, the deployed agent will run with the same privileges.
The pdkinstall development plugin is incorrectly enabled in release builds of Atlassian Crowd and Crowd Data Center. An attacker can leverage this vulnerability to install a malicious plugin and execute code in the system.
An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. The attacker must have network access to the Oracle Weblogic Server T3 interface.
This module exploits a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. The ContactAdministrators action doesn't require authentication but it's not enabled by default. The SendBulkMail does require authentication and the "JIRA Administrators" access level.
This module triggers a use after free vulnerability in the Remote Desktop Service by sending a malformed RDO packet to the 3389/TCP port.
This module exploits a vulnerability in Edge, getting Full Control over a file. This can be exploited to execute arbitrary code with System privileges.