An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod. Chained with a deserialization vulnerability present in the ADF Faces framework to deploy an agent in the system running Oracle Access Manager.
Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This module exploits a OGNL injection vulnerability present in the xwork jar file of Atlassian Confluence. The deployed agent will run with the confluence user privileges in linux and with NT AUTHORITY\\NETWORK SERVICE in windows.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
This module uses ioctls to produce an integer overflow and generate a Denial of Service
This module crashes the target machine producing a blue screen by sending a malformed PPTP packet.
This module exploits a Deserialization vulnerability present in the OpenssoEngineController component of Oracle Access Manager.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.