A vulnerability in the library Apache Santuario SAML SSO (Single Sign-On) method used by Zoho ManageEngine products allows to unauthenticated remote code attackers to execute system commands. This modules uses a specially crafted SAML against Zoho ManageEngine ServiceDesk Plus to execute system commands to deploy an agent. The deployed agent will run with the root user account privileges on Linux systems and with SYSTEM privileges on Windows systems.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts.

This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.

This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.

A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.