The specific flaw exists within the activate_doit function of the service. The issue lies in the handling of the Reprise License Menager server akey parameter which can result in overflowing a stack-based buffer.
OpenNMS Platform is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
ManageEngine OpManager is vulnerable to abuse a SQL query functionality that allows attackers to insert and export a crafted WAR using 'IntegrationUser' hidden account credentials allowing us to install an agent.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By opening a JRMP listener, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.
JBoss Application Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer java class, wich allows the execution of system commands.
The specific flaw exists in ELCSimulator.exe when handling specially crafted TCP packets.
Cisco Prime Infrastructure is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the xmpDataOperationRequestServlet servlet. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
This module exploits a vulnerability in win32k.sys by creating special Windows menus with crafted parameters.
This module exploits a design flaw in Microsoft Windows. By spoofing NBNS responses, an unprivileged user can abuse a local HTTP->SMB credentials reflection vulnerability to install an agent. If that approach fails, on supported platforms the exploit falls back to a local WEBDAV->SMB credential reflection (MS16-075).