Apache Solr is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.
Unauthenticated remote command injection vulnerability in Indusoft Web Studio 8.1 SP2. The vulnerability is exercised via the custom remote agent protocol that is typically found on port 1234 or 51234. An attacker can issue a specially crafted command 66 which causes IWS to load a DB connection file off of a network share using SMB. The DB file can contain OS commands that will be executed at the privilege level used by IWS.
The Solarwinds Dameware Mini Remote Client agent supports smart card authentication by default which allows a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable.
The flaw exists in the GetUserPasswd function in BwPAlarm.dll due to improper validation of user-supplied data before copying the data to a fixed size stack-based buffer when processing an IOCTL 70603 RPC message.