This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory.
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).
This module sends various malformed messages over SSL to the target service in order to detect a discrepancy between the server's responses. If a discrepancy is found, it marks the target as vulnerable to this kind of attack (ROBOT attack).
Apache Solr is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.
An unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php allows an attacker to send a request that will attempt to execute OS commands with permissions of the rConfig process on the host system.
Also, an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php allows an attacker to do the same, but credentials are required.
A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.
This update adds automatic core name detection and newer supported versions.
An arbitrary code execution vulnerability in the Kibana Timelion visualizer allows an attacker with access to the application to send a request that will attempt to execute JavaScript code with permissions of the Kibana process on the host system.
A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.
This module has improvements for the Linux Kernel libfutex exploit.
This module exploits a flaw in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.