This module exploits a use-after-free vulnerability in Mozilla Firefox that occurs while manipulating DOM events and removing audio elements, caused by errors in the handling of node adoption. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a use-after-free vulnerability in SVG Animation, part of "xul.dll".
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary write, resulting in elevated privileges.
VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted request. This can trigger an overflow in a finite-sized internal memory buffer, which the module uses to install an agent with SYSTEM privileges.
Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request. This can trigger an overflow in a finite-sized internal memory buffer, which the module uses to install an agent with SYSTEM privileges.
Samsung Security Manager is prone to a privilege-escalation vulnerability that affects the Apache Felix Gogo runtime. Due to an insecure default installation of the runtime, an attacker could send commands that will be executed by the runtime. This module uses this vulnerability to inject an agent into the lsass.exe process.
This module exploits a vulnerability in Rivatuner's core (Rivatuner*.sys, RTCore*.sys), a driver used by the hardware tweaking apps Rivatuner, MSI Afterburner, EVGA Precision X (and possibly others). During app operation, the driver is loaded and used to read and write physical memory, MSR registers, I/O ports, etc. This module abuses this functionality to escalate privileges.
PowerFolder Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By exploiting known methods, it is possible to remotely load a Java class and inject custom Java bytecode. The exploit abuses this to download and execute an executable with Impact's agent.
The vulnerability resides in the parsing of crafted PowerPoint documents and produces a buffer overflow in the stack. This module was tested on the Symantec Endpoint Manager version 12.1.4013.4013. Other versions may be vulnerable too.
The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions with Dynamic Method Invocation enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 that uses the REST plugin with the Dynamic Method Invocation feature enabled. This exploit installs an OS Agent.