Disk Sorter Enterprise server is prone to a buffer-overflow vulnerability when handling a crafted login request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
VIPA Controls WinPLC7 is prone to a buffer-overflow vulnerability when handling a crafted package, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with normal user privileges.
ConQuest DICOM server is prone to a buffer-overflow vulnerability when handling a crafted package, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with normal user privileges.
Dup Scout server is prone to a buffer-overflow vulnerability when handling a crafted login request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Disk Savvy server is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
This module exploits a vulnerability in the WebEx extension for Chrome. The module will start a web server and serve a specially crafted page. The page will execute a series of PowerShell commands to download an executable file from Impact's web server and execute it. The vulnerability requires that the attack web page be served using HTTPS. See "Special comments" for futher detail.
This module exploits a use after free vulnerability while manipulating DOM events and removing audio elements due to errors in the handling of node adoption in Mozilla Firefox. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a use-after-free vulnerability in SVG Animation, part of "xul.dll".
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary right, resulting in elevated privileges.
VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.