This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Kolibri Web Server. The vulnerability is caused by a boundary error within Kolibri Web Server when processing an HTTP POST request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
An internal memory buffer may be overrun while handling the "HEAD" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the Kolibri webserver process (Kolibri.exe).
KingView Scada is vulnerable to a buffer overflow error in the HistorySvr.exe module when processing malformed packets sent to port 777/TCP. This update adds new indirection using shell32.dll version 6.0.0.2900.5512.
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
This module exploits a vulnerability in Microsoft's implementation of the Kerberos authentication protocol, impersonating a user of the domain's Administrators group to install an agent in the domain controller with System privileges.
An input sanitization flaw exists in the way JBoss Seam processes certain parameterized JBoss Expression Language (EL) expressions. A remote unauthenticated attacker could use this flaw to execute arbitrary code via GET requests containing specially crafted expression language parameters sent to web applications based on the JBoss Seam Framework. This module exploits the vulnerability in any web application based on vulnerable versions of the Seam 2 Framework.
The JMX-Console web application in JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. This module uploads an arbitrary .JSP file to the target in order to deploy an agent on it.
A directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server allows remote attackers who are able to access the console manager to create files in arbitrary locations of the filesystem. This can be abused to gain execution of arbitrary code by sending special HTTP requests to the JMX Console. This module uploads an arbitrary .JSP file to the target in order to deploy an agent on it.
Invision Power Board is vulnerable to remote code execution due to the use of the unserialize method on user input passed through cookies without proper sanitization. This module exploits the vulnerability and installs an agent on the target host.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing IntraSrv Simple Web Server. The vulnerability is caused by a boundary error within IntraSrv Simple Web Server when processing an HTTP GET request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.