This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary right, resulting in elevated privileges.
VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Samsung Security Manager is prone to a privilege-escalation vulnerability that affects Apache Felix Gogo runtime. Due to an insecure default installation of the runtime, an attacker could then send commands that will be executed by the mentioned runtime. This module uses the previous vulnerability to inject an agent inside lsass.exe process.
This module exploits a vulnerability in Rivatuner's core (Rivatuner*.sys, RTCore*.sys), a driver used by hardware tweaking apps Rivatuner, MSI Afterburner, EVGA Precision X (and possibly others). During app operation, the driver is loaded and used to read and write physical memory, MSR registers, io ports, etc. This module abuses said functionality to escalate privileges.
PowerFolder Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a java class and inject custom Java bytecode. The exploit abuses this to download and execute an executable with Impact's agent.
The vulnerability resides in parsing crafted PowerPoint documents and produces a Buffer Overflow in the stack. This module was tested on the Symantec Endpoint Manager version 12.1.4013.4013. Other versions may be are vulnerable too.
The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled. This exploit installs an OS Agent.
A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
The specific flaw exists within the edit_lf_process function of the service. The issue lies in in the ability to write arbitrary files with controlled data. This vulnerability is related to Reprise License Server so all the products that uses this 3rd party software might be vulnerable.