Solarwinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows attacker to upload an agent via a weekness in the username atribute in settings-new.jsp allowing us to install an agent.
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
The Usermin Control Panel is vulnerable to command injection due to the function get_signature in usermin/mailbox/mailbox-lib.pl, which calls open() without any prior validation.
This vulnerability allows authenticated users to execute arbitrary code on the affected Usermin versions.
This vulnerability allows authenticated users to execute arbitrary code on the affected Usermin versions.
The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process.
This version add x86_64 support.
This version add x86_64 support.
The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system.
An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system.
This update adds support for exploiting 64-bit guest systems.
An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system.
This update adds support for exploiting 64-bit guest systems.
This module exploits, via a "Man In The Middle" attack, a security flaw in the Domain Controller policies downloaded by clients during the logging process
This update adds support to Windows 8.1 and Windows 2012 R2 and improves the network stability.
This update adds support to Windows 8.1 and Windows 2012 R2 and improves the network stability.
An elevation of privilege vulnerability exists when the Win32k.sys kernel-mode driver improperly handles objects in memory. The vulnerability exists in the Windows OS process of creating windows for applications. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash.
This version add encryption.
This version add encryption.
This module exploits an "Use After Free" vulnerability in win32k.sys by calling to "SetClassLong" function with crafted parameters
This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.