Citrix EdgeSight is prone to a Denial of Service within the LauncherService.exe component which listens by default on TCP port 18747. When handling a request the process trusts a user supplied field in the packet specifying the length of data to follow, the process then copies the user supplied data, without validation, into a fixed-length buffer on the heap.
This module exploits a design flaw in HP Data Protector by sending a specially crafted EXEC_SETUP request.
The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user.
The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user.
Mutable Decoder in Package and Register improves the randomness in executable agents generated by Impact (Package and Register, Serve Agent in WebServer, Send Agent by email and others).
A vulnerability found on Siemens FactoryLink vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message, causing a stack overflow.
This module exploits a buffer overflow vulnerability in HP Data
Protector by sending a specially crafted packet to the vulnerable
Omniinet.exe service.
Protector by sending a specially crafted packet to the vulnerable
Omniinet.exe service.
This module exploits a vulnerability in the Microsoft WINS service by sending a request packet followed by a RESET connection packet to the service.
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service via a packet with a large data size to TCP port 1530.
DATAC Realwin is prone to a buffer-overflow when processing On_FC_CONNECT_FCS_LOGIN packets with an overly long user name.
This module exploits a vulnerability on Microsoft Windows SMB Server via a SMB crafted packet.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and for each entry verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overwriting the target method.
Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability.
Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability.