PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. This update improves the exploit reliability.

This update fixes several non related issues in the exploit component.

This update fixes an issue handling the report of the vulnerability.

This module exploits a buffer overflow in the Gh0st Controller Server when handling a drive list.

HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands under the context of system.

CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions.

This module exploits a vulnerability in Apache Struts 2. The specific vulnerability relies on the Struts 1 plugin which might allow remote attackers to execute arbitrary code via a malicious field value passed in a raw message to the ActionMessage.

Insufficient input validation in the management interface of Solarwinds LEM Management Virtual Appliance v6.3.1 can be leveraged in order to execute arbitrary commands.

This can lead to shell access to the underlying operating system as root.

The specific flaw exists within the dbman.exe service, which listens on TCP port 2810 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.

Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection which allows attackers the execution of system commands.