Oracle Coherence (Caching, CacheStore and Invocation Components) is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the Coherence port via T3 protocol to invoke the extract method of the ReflectionExtractor class, which allows the execution of system commands. ExtractorComparator class is used to access ReflectionExtractor class, a bypass for the original patch for CVE-2020-2555.

This module exploits an OS command injection vulnerability in Pydio Cells. The lack of sanitisation for the input of the mailer configuration could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.

This module exploits a directory traversal vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI). The failure in URL parsing between Apache and Java (Tomcat) allows to perform a directory traversal to access the tmshCmd.jsp page. This page allows an authenticated user to execute commands. But, using the mentioned vulnerability, an unauthenticated attacker can run remote code on the underlying operating system an deploy an agent.

Open-AudIT is vulnerable to an authenticated php file upload, allowing attackers to execute arbitrary php code in the system.

The 'recentVersion' explude_ip parameter in the discoveries endpoint is vulnerable to OS Command Injection, this module exploits this vulneravility in order to install an agent

This module uses an unauthenticated java deserialization vulnerability via JSONWS in Liferay Portal to upload and execute a java class file to gain arbitrary code execution on the affected system.

This module exploits an OS command injection vulnerability in Artica Pandora FMS. The lack of sanitisation for the input of the Events function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.

Oracle Coherence (Caching, CacheStore and Invocation Components) is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the Coherence port via T3 protocol to invoke the extract method of the ReflectionExtractor class, which allows the execution of system commands.

This module exploits an OS command injection vulnerability in Kinetica. The lack of sanitisation for the input of the getLogs function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.

This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory. The deployed agent will run with SYSTEM or ROOT privileges.