IBM i Access Family could allows to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
A java deserialization vulnerability and a blind XXE vulnerability allows unauthenticated remote attackers to execute system commands in Zoho ManageEngine ADAudit Plus.
This vulnerability allows an Arbitrary File Deletion in any protected folder.
Used in conjunction with other vulnerability that allows Arbitrary File Writing, an attacker could escalate from unprivileged user to SYSTEM.
Used in conjunction with other vulnerability that allows Arbitrary File Writing, an attacker could escalate from unprivileged user to SYSTEM.
A default erlang cluster node cookie in Apache CouchDB allows attackers to access, gain admin privileges and execute system commands with couchdb user privileges.
There is an integer overflow in the BaseSrvActivationContextCacheDuplicateUnicodeString function in the sxssrv.dll module of the CSRSS process.
The vulnerable function can be accessed from the BaseSrvSxsCreateActivationContextFromMessage CSR routine. However, the default size of the CSR shared memory section is only 0x10000 bytes, so by default it is impossible to pass a large enough UNICODE_STRING to CSRSS. Fortunately, the section size is controlled entirely by the client process, and if an attacker can modify ntdll! CsrpConnectToServer early enough during the start of the process, you'll be able to pass strings larger than 0x10000 in size.
The vulnerable function can be accessed from the BaseSrvSxsCreateActivationContextFromMessage CSR routine. However, the default size of the CSR shared memory section is only 0x10000 bytes, so by default it is impossible to pass a large enough UNICODE_STRING to CSRSS. Fortunately, the section size is controlled entirely by the client process, and if an attacker can modify ntdll! CsrpConnectToServer early enough during the start of the process, you'll be able to pass strings larger than 0x10000 in size.
A java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510 allows unauthenticated attackers to send crafted XML-RPC requests with malicious serialized data to execute system commands as SYSTEM.
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
The vulnerability allowed a local low-privileged user to execute arbitrary Powershell as SYSTEM due to improper file permission assignment.
Atlassian Questions for Confluence creates a Confluence user account with the username disabledsystemuser.
The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.
The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.
A server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod and a deserialization vulnerability present in the ADF Faces framework allows a unauthenticated attacker with network access via HTTP to execute system commands.