This module exploits an authentication bypass vulnerability present in iControl REST of F5 BIG-IP. The deployed agent will run with root privileges.
This module uses an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader in Spring MVC and Spring WebFlux applications in order to upload and execute a JSP file in the Tomcat virtual file system webapps directory.
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
This module exploits a Deserialization vulnerability present in the OpenssoEngineController component of Oracle Access Manager.
The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the same privileges than the user account that ran Solr Server. This exploit will fail if the target system has jdk8u191 or newer.
Improper initialization of the flags member of the pipe buffer structure in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, could allow an unprivileged local user to write to pages in the page cache backed by read-only files and escalate privileges on the system. This module creates a new pipe buffer with the PIPE_BUF_FLAG_CAN_MERGE flag which controls coalescing of writes into a pipe buffer and thus allows for writing to an existing page spliced into the pipe. When a file backs this spliced page, the change is reflected to the shared system-wide view of the file in memory and any subsequent cache flush will write the manipulated data to disk ignoring existing Linux permissions settings.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
This module exploits a path traversal vulnerability present in the getPluginAssets function of Grafana which allows an attacker to download system files through specially crafted HTTP resource requests.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the admin user account privileges.