The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability in its evaluation of OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 that uses the REST plugin with the Dynamic Method Invocation feature enabled. This exploit installs an OS Agent.
This module creates a file in the specified directory. The file abuses a command injection in ImageMagick, downloading an Impact agent and deploying it in the target system. Because ImageMagick is widely used, especially in web applications, this module only provides the file with the attack. The file can then be used in multiple ways; for example, uploaded to a web site under test.
This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.