JBoss Application Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer java class, wich allows the execution of system commands.
IBM WebSphere Application Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer java class, wich allows the execution of system commands.
This module exploits a vulnerability in Moxa VPort SDK. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit works only with ActiveX implementation (VPortSDK.ocx) of Moxa VProt SDK through Microsoft Internet Explorer 6, 7 and 8.
The vulnerability exists in HP LoadRunner Controller when handling a specially crafted LRS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a command injection vulnerability in HP Client Automation. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When handling a remote execution request the process does not properly authenticate the user issuing the request. The command to be executed is also not properly sanitized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM. Authentication is not required to exploit this vulnerability.
Elasticsearch allows limited execution of Groovy code during search operations. A vulnerability exists in versions below 1.4.3, by which a sandbox escape is possible. This module installs an OS agent against vulnerable installations.
An elevation of privilege vulnerability exists when Windows kernel does not properly constrain impersonation levels. The vulnerability occurs because a user can place symlinks for the system drives in the per-login session device map and the kernel will follow them during impersonation. An attacker who successfully exploited this vulnerability may, for example, redirect a call to LoadLibrary, from a system service (when impersonating), to an arbitrary location.
This module exploits when sending specially crafted argument to makeMeasurement leaving objects in an inconsistent state. This produces a leak via a call to dumpMeasureData storing a file to a share folder with importante addresses and can later be retrieved .Finally using NSendApprovalToAuthorEnabled method it is possible to bypass the Javascript API restrictions and resend a new crafted PDF to the browser to produce buffer overflow and complete exploitation. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploit three different vulnerabilities in Symantec Endpoint Protection Manager (SEPM) in order to install an agent on a vunlerable target machine. CVE-2015-1486 allows unauthenticated attackers access to SEPM. CVE-2015-1487 allows reading and writing arbitrary files, resulting in the execution of arbitrary commands with 'NT Service\semsrv' privileges. CVE-2015-1489 allows the execution of arbitrary OS commands with 'NT Authority\SYSTEM' privileges.
This module exploits an integer overflow in "srvnet.sys" Windows driver by sending a crafted "Session Setup Request" SMBv2 packet to the Windows SMB Server logging mechanism.