This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037.
This module attacks default XAMPP installations and abuses the use of default credentials for webdav. The module can also be configured to take advantage of user supplied credentials.
A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp.
Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code.
op5 Appliance contains an input validation flaw related to the system-portal component that allows a remote attacker to execute arbitrary shell commands via command injection.
This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.
The default Java security properties configuration did not restrict access
to certain com.sun.org.glassfish packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this moduleis not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
to certain com.sun.org.glassfish packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this moduleis not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
Format String vulnerability in OVF Tool when parsing crafted OVF files.
Buffer Overflow when handling an attribute of "text3GTrack" elements can be exploited when Quick Player handles a specially crafted TeXML file.
This update adds the correct CVE information.
This update adds the correct CVE information.
Buffer Overflow when handling an attribute of style elements can be exploited when Quick Player handles a specially crafted TeXML file.
This update corrects CVE.
This update corrects CVE.