Oracle WebLogic Server is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, the module establishes a remote connection to the RMI Registry and loads a UnicastRef Object. This manipulation allows for the execution of system commands, enabling remote code execution on the targeted host. The bypass technique involves changing the RMI interface type to java.rmi.activation.Activator.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2023-22518 based on the inspection of the target's response.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits an AJP request smuggling vulnerability present in the Traffic Management User Interface (TMUI) of F5 BIG-IP to deploy an agent. The deployed agent will run with root privileges.
This module exploits a Java deserialization vulnerability via Openwire protocol by sending a crafted payload as a throwable class type. The deployed agent will run with the same user account privileges as the Apache ActiveMQ application.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the requestPreHandlingAllowed function, which doesn't enforce authentication in HTTP requests with a path that ends with /RPC2.
This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.
This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Pagination
- Previous page
- Page 8
- Next page