JMS Object messages within Apache ActiveMQ depend on Java Serialization for marshaling/unmashaling of the message payload. This lead to execution of untrusted code when a specially crafted object is received.



This update introduces an exploit that will attempt to connect using the STOMP protocol and abuse the vulnerability to execute a Core Impact agent in the vulnerable system.

The specific flaw exists within the processing of network TCP requests by ELCSimulator.exe. A crafted request will cause a stack buffer overflow.

The vulnerability is caused due to a boundary error when handling the

"akey" POST parameter related to /goform/activate_doit, which can be

exploited to cause a stack-based buffer overflow via a specially

crafted HTTP request.

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/testConfiguration resource.

This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.

This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.

Make agent persistent and WMI module enhancement in connection type HTTP proxy - aware

This module exploits an arbitrary file upload vulnerability in Advantech WebAccess. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload script allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool.



Authentication is not required to exploit this vulnerability.

The DefaultActionMapper class in Apache Struts 2 supports a Dynamic Method Invocation feature via the "method:" prefix. The information contained in this prefix is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server.



This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework with the "struts.enable.DynamicMethodInvocation" configuration parameter in struts.xml set to True.