The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. This registration works even when registration has been disabled.



This module exploits this vulnerability to add an administrator user to the Joomla database. Notice that this account could need registration confirmation (activation).

Vx Search Enterprise is prone to a buffer overflow vulnerability when receive a crafted request.

PowerFolder Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library.

The module exploit a buffer overflow vulnerability in the SNMP code of the Cisco ASA

Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM priviledges.

Oracle Database Server Core RDBMS component is prone to a remote vulnerability that allows attackers to exploit a stack-based buffer overflow in the EXECUTE procedure of DBMS_AW.

Using an overly long parameter in the CDA command with the previous procedure, a stack-based buffer overflow will occur, overwriting the saved return address.

This module requires database user credentials with 'Create Session' privilege.



This update fixes a variable referenced before assignment bug.

Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.

This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent. If a database instance name is supplied, it will be used to check for the vulnerability against the TNS listener of the target, but this could affect future client connections, as long as the module is running. If no database instance name is supplied, the module will try to register a random name.



This update adds a default TNS connection timeout to the tns library.

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

OpenNMS Platform is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.

A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.