This module uses a file upload vulnerability in Elefant CMS to gain arbitrary code execution on the affected system.
This module exploits an authentication bypass and a file upload vulnerability in Boonex Dolphin to install an agent.
A vulnerability exists in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. By abusing the blockip variable, an attacker can achieve remote code execution.
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. This registration works even when registration has been disabled. This module exploits this vulnerability to add an administrator user to the Joomla database. Notice that this account could need registration confirmation (activation).
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. This can be exploited by malicious local attackers to gain SYSTEM privileges on Windows targets.
A buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header in a PROPFIND request.
HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the RMI Registry service used to manage and monitor the Java Virtual Machine.
The CG6Service Service has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process.
3S-Smart Software Solutions GmbH CODESYS Web Server is prone to upload a crafted configuration file and it produce a buffer-overflow vulnerability when handling a XML tag content, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with same privileges than server.
Ichitaro Office is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .XLS document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.