Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts.
This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.
This module exploits a XStream deserialization vulnerability to deploy an agent in VMware Workspace ONE Access that will run with root user privileges. The vulnerability is present in the resetPassword method of com.vmware.vshield.vsm.usermgmt.restcontroller.UserMgmtController class via the @RequestBody parameter with SecurityProfileDto type which sets the serializer to the vulnerable XStream.
A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
The bpf verifier(kernel/bpf/verifier.c) did not properly restrict several *_OR_NULL pointer types which allows these types to do pointer arithmetic. An unprivileged user could use this flaw to escalate their privileges on a system. Setting parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to bpf(2) call.
This module chains 3 vulnerabilities to deploy an agent in VMware vRealize Operations Manager that will run with root user privileges. The first vulnerability is an authentication bypass vulnerability present in com.vmware.vcops.ui.util.MainPortalFilter class. The second vulnerability an information disclosure vulnerability present in com.vmware.vcops.ui.action.SupportLogsAction that allows to read sensitive passwords from log files. The third vulnerability is a local privilege escalation by using the generateSupportBundle.py script with a crafted VCOPS_BASE environment variable. This module will change VMware vRealize Operations Manager admin user password.
Pagination
- Previous page
- Page 10
- Next page