The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem in VdBroadWinGetLocalDataLogEx. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
The specific flaw exists within implementation of the 0x138bd IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
DiskBoss is prone to a buffer-overflow when handling specially crafted packets. No authentication is required.
Easy File Sharing Web Server is prone to a buffer-overflow when handling a specially crafted POST request.
DiskBoss Enterprise server is prone to a remote buffer-overflow vulnerability.
Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM priviledges.
This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server.
VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Unauthenticated remote attackers that can connect to the "CloudMe Sync" client application listening on port 8888, can send a malicious payload causing
a Buffer Overflow condition. This will result in an attacker controlling the programs execution flow and allowing arbitrary code execution on the victims PC.
a Buffer Overflow condition. This will result in an attacker controlling the programs execution flow and allowing arbitrary code execution on the victims PC.
The vulnerability is a buffer overflow when parsing a crafted package to PORT 9221.