Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution.
This update fixes the exploit category.
This update fixes the exploit category.
Buffer overflow in Kolibri Web Server allows remote attackers to execute arbitrary code via a long URI in a GET request.
A missing boundary check in the TLS Heartbeat extension in OpenSSL can be abused by remote attackers to read up to 64 kb of memory from the server.
This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies.
This update adds features to the module, like the ability to read 64 kb of data from vulnerable services, reporting the results in the Module Output window, and saving the memory dumps to disk. It also improves the compatibility with OpenSSL services and adds support for FTPS.
This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies.
This update adds features to the module, like the ability to read 64 kb of data from vulnerable services, reporting the results in the Module Output window, and saving the memory dumps to disk. It also improves the compatibility with OpenSSL services and adds support for FTPS.
A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address.
The copying procedure stops when a null word is found and no size check is proceeded.
The copying procedure stops when a null word is found and no size check is proceeded.
The Genesis GenBroker service is listening port 38080 and is affected by integer overflow vulnerabilities while handling crafted packets in opcode 0x4b0.
This version improves connection with all methods.
This version improves connection with all methods.
This package updates the list of network service TCP and UDP ports known to the Impact exploits framework.
A vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root.
This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges.
By setting UserID in the cookie to a long string, we can overwrite EDX which
allows us to control execution flow when the following instruction is executed.
allows us to control execution flow when the following instruction is executed.
The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow.