Yokogawa CENTUM is prone to a buffer overflow when handling a specially crafted packet through BKCLogSrv.exe on UDP port 52302
A vulnerability in GNU Bash when processing trailing strings after function definitions in the values of environment variables allows remote attackers to execute arbitrary code via a crafted environment.
This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system.
The module included leverages this vulnerability to install an agent.
This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system.
The module included leverages this vulnerability to install an agent.
MediaWiki with DjVU or PDF file upload allows a remote attackers to execute arbitrary commands by exploting a bug in the with parameter in thumb.php while previewing the uploaded file.
This update includes a module exploiting a vulnerability found in Bash. When using PureFTPd in conjuntion with the vulnerable Bash version for user authentication, a Core Impact agent is installed.
On x86_64 Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer has been set to a usermode-controlled value, but before the current privilege level (CPL) is changed.
A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities.
This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system.
A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities.
This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system.
This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters.
This update adds support to Impact 2014 R2.
This update adds support to Impact 2014 R2.
The vulnerability lies in the failure to validate the size of the input buffer before copying it into a fixed-size buffer on the stack within the handling of the loadExtensionFactory method.
Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution.
This update fixes the exploit category.
This update fixes the exploit category.
Foxit Reader is prone to a vulnerability that may allow the loading and execution of any library file named imgseg.dll, if this dll is located in a determined subfolder where a .PDF file is.
Buffer overflow in Kolibri Web Server allows remote attackers to execute arbitrary code via a long URI in a GET request.