This module uses an authenticated JNDI injection vulnerability via JndiBindingHandle class in Oracle Weblogic Server to upload and execute a java class file to gain arbitrary code execution on the affected system.
This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.
Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
This module uses an unauthenticated file upload vulnerability via uploadova plugin in VMware vCenter Server to upload and extract a TAR file. This TAR file contains a path traversal that allows writing files at arbitraries locations. In the vulnerable 6.5.X and 6.7.X (build 13010631 and lower) versions of VMware vCenter Server, a JSP file is deployed to gain arbitrary code execution. In the vulnerable 6.7.X (build 13643870 and greater) and 7.X versions, a file with public keys are uploaded to the vsphere-ui user home directory and then used to deploy an agent via SSH. Notice that in 6.7.X versions SSH access is disabled by default.
This module exploits a file disclosure vulnerability in Pulse Connect Secure SSL VPN which allows an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
This module exploits a path traversal vulnerability in the FortiOS SSL VPN web portal which allows an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
This module uses an unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server to upload and execute a java class file to gain arbitrary code execution on the affected system.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands. By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.
Oracle Coherence (Caching, CacheStore and Invocation Components) is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the Coherence port via T3 protocol to invoke the extract method of the ReflectionExtractor class, which allows the execution of system commands. ExtractorComparator class is used to access ReflectionExtractor class, a bypass for the original patch for CVE-2020-2555.