An authentication bypass vulnerability in Progress OpenEdge allows unauthenticated remote attackers to authenticate in the target application as NT AUTHORITY/SYSTEM. The vulnerability is present in the native system library auth.dll, and is reached via the authorizeUser function. This module performs the vulnerability verification by creating an instance of the com.progress.chimera.adminserver.AdminContext class via the com.progress.chimera.adminserver.IAdminServer interface. All requests to target will be made using Java RMI requests.
An unmarshal reflection vulnerability in GlobalProtect feature of Palo Alto Networks PAN-OS software allows unauthenticated remote attackers to create empty arbitrary directories and files in the operating system. If device telemetry is enabled, then remote OS command injection is possible via the dt_curl python module. This module performs the vulnerability verification in three steps. The first step, does a control check using a random filename against the /images directory. Since this file shouldn't exist in the target webapp, the webserver will return a 404 HTTP code. The second step consists in using the vulnerability to try to create the file in the given location. The final step performs the first step again. If the file exists, then a 403 HTTP code is returned, proving that the file was created with the vulnerability. Any other HTTP code will be taken as the target system being not vulnerable.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2024-0204 based on the inspection of the target's response. If the target is vulnerable, the module will create a new admin user in the target system using the provided credentials. If no credentials are provided, it will generate a random one. Also, the new admin credentials will be added as an identity.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable to CVE-2023-27997. The detection of the vulnerability is probabilistic. The module does ~400 requests trigguering the heap overflow in a special way that it doesn't corrupt anything used in memory and another ~400 requests without doing the overflow. Then it calculates the mean of each group and does a Welch's T-Test. It could be the case that the result of the test is not reliable. In that case, the module is going to repeat the process. Therefore the module could need several minutes 10min, in order to have a good result.
This module connects to a remote target via any exposed DCE RPC endpoints and fingerprints them to determine if the machine appears to be compromised by the Conficker worm. The module is able to detect B, C and D variants of the worm.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable to CVE-2023-20198 based on the inspection of the target's response. If the target is vulnerable, the module will create a new local administrator user in the target system using the provided credentials. Also, the new credentials will be added as an identity.