An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
A vulnerability in Oracle WebLogic Server (component: Core) which can be exploited through the T3/IIOP protocol network, which transfers information between WebLogic servers and other Java programs. This vulnerability found in Oracle WebLogic Server can lead to remote code execution.
A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.
A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.
This module exploits an OS command injection vulnerability present in the ChangePasswordAction function.
This module exploits an OS command injection vulnerability present in the ChangePasswordAction function.
This module crashes the MSMQ service by sending a malformed UserMessage packet which triggers an integer overflow vulnerability.
The Common Log File System Driver (clfs.sys) present in Microsoft Windows is vulnerable to a memory corruption vulnerability. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by creating a specially crafted BLF file.
This module exploits the unauthenticated endpoint of the Backup Service in Veeam Backup and Replication. The deployed agent will run with the privileges of the "SQL Server" process (NT AUTHORITY\\SYSTEM).
The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary memory overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver.