The CorsairLLAccess64.sys driver before 3.25.60 in CORSAIR iCUE exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.
Delta Automation CNCSoft Screen Editor is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .DPB document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits an unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php. Also, this module exploits an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php.
This module exploits a javascript command injection vulnerability in Kibana, in the Timelion application.
This module exploits an OS command injection vulnerability in Apache Solr, via the Velocity Template.
Tenable found an unauthenticated remote code execution vulnerability in the SolarWinds Dameware Remote Mini Remote Client Agent Service (DWRCS.exe) version 12.1.0.89.
This module triggers a use after free vulnerability in the Remote Desktop Service by sending a malformed packet.
Maple Computer SNMP Asministrator is prone to a buffer-overflow vulnerability when handling a crafted packet.
File Share Wizard is prone to a buffer-overflow vulnerability when handling a crafted POST packet.
AVEVA InduSoft Web Studio is prone to a remote vulnerability that allows attackers to execute commands under the context of the program user.