IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features that leverage native code are run on a Windows operating system. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section. The attacker must entice a victim into opening a specially crafted .hod, .bchx, .ws, .dttx or .dtfx file. This file and the associated binary may be delivered to a user through remote WebDAV shares or zipped attachments. An attacker may exploit this issue to execute arbitrary code.
This module exploits a Java deserialization vulnerability present in the CewolfRenderer servlet. It also exploits a blind XXE vulnerability present in the ProcessTrackingListener class.
This module exploits an arbitrary file deletion performed by a normal user in protected folders.
The vulnerability is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel to achieve elevated privileges.
This module crashes the target machine, producing a blue screen, by sending a malformed HTTP packet.
This module exploits a default Erlang cluster node cookie vulnerability to deploy an agent in Apache CouchDB that will run with couchdb user privileges.
This module exploits an integer overflow in the sxssrv module of CSRSS to generate a denial of service.
This module exploits a vulnerability present in the org.apache.xmlrpc.parser.XmlRpcRequestParser class of Zoho ManageEngine Password Manager Pro. The deployed agent will run with SYSTEM privileges.
This module triggers a null pointer dereference vulnerability in the SMB service by sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session.