This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.
ed156b4196a5a0b6a6fd8e554208ebb6ce6da15417fc57d837d2b7e65c35c174
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
d15ef16680da0566fc6f0cd17aa36d661420fd2c8fbf3f002025e66fc8acc462
Ubuntu Security Notice 5545-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations.
df1ade419034de9ac52eb21a326406be8cabba33c20738622b11bea7eb141d29
Ubuntu Security Notice 5463-2 - USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel.
129ca2bac42b3a2a63a3ac46591acf02478ace900a70c46b3768b8b76eb57862
Multi-Language Hotel Management 2022 version 1.0 suffers from a remote SQL injection vulnerability.
0c11ae5ed3c1b7202d2009cb0d1807126f6bde6b8e241059c3663ab7153e0cf7
IObit Malware Fighter version 9.2 fails to provide sufficient anti-tampering protection, a shortcoming that can be leveraged to escalate to SYSTEM privileges.
c6e27a8d7b7645ace9a03e1d2218ca5e5bdc9d279978795484de8145fd043895