This module exploits an integer overflow in srvnet.sys Windows driver by sending a crafted SMB request to the Windows SMB Server.
This module exploits a vulnerability in the VMware Printer virtual device from the guest OS and install an agent in the host computer.
This update adds support to more VMware versions and improves the agent connection reliability from the host computer.
This update adds support to more VMware versions and improves the agent connection reliability from the host computer.
This module exploits an integer overflow vulnerability in Adobe Flash Player. The signed integer overflow exists inside the AS3 Function.apply() method and allows an attacker to take control of a vulnearble target and execute arbitrary code.
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
Certain Javascript APIs in Adobe Acrobat Pro can only be executed in a privileged context. By adding specially crafted Javascript code to a PDF file it's possible to bypass security restrictions and invoke privileged Javascript APIs, allowing for arbitrary code execution.
This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet.
This update improves exploit reliability.
This update improves exploit reliability.
FortiClient is prone to a privilege-escalation vulnerability that affects mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, mdare64_52.sys and Fortishield.sys drivers.
All these drivers expose an API to manage processes and the windows registry, for instance, the IOCTL 0x2220c8 of the mdareXX_XX.sys driver returns a full privileged handle to a given process PID. In particular, this same function is replicated inside Fortishield.sys.
Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of any selected process.
This module uses the previous vulnerability to inject an agent inside lsass.exe process.
All these drivers expose an API to manage processes and the windows registry, for instance, the IOCTL 0x2220c8 of the mdareXX_XX.sys driver returns a full privileged handle to a given process PID. In particular, this same function is replicated inside Fortishield.sys.
Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of any selected process.
This module uses the previous vulnerability to inject an agent inside lsass.exe process.
This module allows an agent running in the context of AcroRd32.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.
This update fixes an issue related to highlight preconditions when running against x86-64 targets.
This update fixes an issue related to highlight preconditions when running against x86-64 targets.
The specific flaw exists within the JOB_S_GetJobByUserFriendlyString function. By sending a crafted packet on TCP port 11460
Solarwinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows attacker to upload an agent via a weekness in the username atribute in settings-new.jsp allowing us to install an agent.