The specific flaw exists within the activate_doit function of the service. The issue lies in the handling of the Reprise License Menager server akey parameter which can result in overflowing a stack-based buffer.
OpenNMS Platform is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
ManageEngine OpManager is vulnerable to abuse a SQL query functionality that allows attackers to insert and export a crafted WAR using 'IntegrationUser' hidden account credentials allowing us to install an agent.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By opening a JRMP listener, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.
The specific flaw exists in ELCSimulator.exe when handling specially crafted TCP packets.
Cisco Prime Infrastructure is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the xmpDataOperationRequestServlet servlet. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
Atlassian Bamboo is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.
Apache ActiveMQ unserializes objects received using the STOMP protocol with the XStream library. This leads to remote code execution due to unsafe deserialization. This module writes and executes an agent in vulnerable systems. Privileges obtained will be those of the user running the ActiveMQ server.
The specific flaw exists within the activate_doit function of the service. The issue lies in the handling of the Reprise License Menager server parameter which can result in overflowing a stack-based buffer.