The specific flaw exists within the activate_doit function of the service. The issue lies in the handling of the Reprise License Menager server parameter which can result in overflowing a stack-based buffer.
This module exploits a remote code execution vulnerability in HP Data Protector by sending a specially crafted EXEC_BAR user name request. The 32-bit version of Data Protector is the only one exploitable, however, in 64-bit operating systems, the installer will always choose the 64-bit version of the software.
This module exploits an arbitrary file upload vulnerability in Advantech WebAccess. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload script allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool. Authentication is not required to exploit this vulnerability.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the XStream Java library. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
The specific flaw exists within the implementation of the 0x13C83 opcode in the webvrpcs Service BwWebSvc.dll . A stack-based buffer overflow vulnerability exists in a call to sprint. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
A vulnerability exists in the FileUpload2Controller servlet. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
The specific flaw exists in fsws.exe (Easy Fila Sharing server) when handling specially crafted GET requests.
A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution.
A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
The specific flaw exists within the implementation of the 0x280B opcode in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Pagination
- Previous page
- Page 16
- Next page