A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
HTTP.sys has a use-after-free vulnerability that allows a remote attacker to crash the vulnerable machine.
Unauthenticated file upload vulnerability via uploadova plugin in VMware vCenter Server to upload and extract a TAR file.
The TAR file contains a path traversal that allows writing files at arbitraries locations.
The TAR file contains a path traversal that allows writing files at arbitraries locations.
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
This update adds "Connect to" Agent Connection and fixes some issues.
This update adds "Connect to" Agent Connection and fixes some issues.
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands.
By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.
This update improves code readability and adds a bypass for CVE-2020-14750.
By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.
This update improves code readability and adds a bypass for CVE-2020-14750.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands.
By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.
By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.
An unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server allows an attacker to upload and execute a java class file to gain arbitrary code execution on the affected system.
This update adds xml tags to prevent pivoting.
This update adds xml tags to prevent pivoting.