VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
The module exploit a buffer overflow vulnerability in the SNMP code of the Cisco ASA.
PowerFolder Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a java class and inject custom Java bytecode. The exploit abuses this to download and execute an executable with Impact's agent.
A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/domains resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/wmi_domain_controllers resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/testConfiguration resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Solarwinds Virtualization Manager is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
The specific flaw exists within the edit_lf_process function of the service. The issue lies in in the ability to write arbitrary files with controlled data. This vulnerability is related to Reprise License Server so all the products that uses this 3rd party software might be vulnerable.