This module exploits a Jenkins command injection in order to install an agent.
This update adds support for Windows and Linux platforms, and HTTPS support.
This update adds support for Windows and Linux platforms, and HTTPS support.
A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system.
This module abuses the auto deploy feature in the server in order to achieve remote code execution.
This module abuses the auto deploy feature in the server in order to achieve remote code execution.
Improvement on Web Application Authentication Testing parameters to use a high number of values between the authentication probes.
A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system.
This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106.
This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent.
This update adds other vulnerable dlls to the exploitation and other platforms and architectures.
This update adds other vulnerable dlls to the exploitation and other platforms and architectures.
This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Word to deploy an agent.
This version adds wow64 support.
This version adds wow64 support.
Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections.
This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent.
This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent.
This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent.
The specific flaw exists within BeginPreRead() processing. When handling malformed 0x7f77 type fields.