This module exploits a vulnerability in the NVIDIA Stereoscopic 3D Driver Service. It will wait for users to login on the target system, installing agents for every user, until being able to install an agent for a user in the Built In Administrators group.
The amd64_set_ldt() function in sys/amd64/amd64/sys_machdep.c in the FreeBSD kernel code is prone to an integer signedness error when processing a system call with specially crafted parameters originated from user space. This issue ultimately leads to a kernel heap overflow, which can be used by unprivileged local attackers to cause a kernel panic and crash the machine.
This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors
A vulnerability exists in the FileUpload2Controller servlet. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
The specific flaw exists in fsws.exe (Easy Fila Sharing server) when handling specially crafted GET requests.
The Adobe updater service, armsvc, exposes 2 service codes and a shared memory section. Those elements combined, allow a local attacker to execute code as SYSTEM.
The join_session_keyring() function in security/keys/process_keys.c in the Linux kernel is prone to a reference counter overflow that occurs when a process repeatedly tries to join an already existing keyring. This vulnerability can be leveraged by local unprivileged attackers to gain root privileges on the affected systems.
A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution.
A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
The specific flaw exists within the implementation of the 0x280B opcode in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.