Oracle Coherence (Caching, CacheStore and Invocation Components) is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the Coherence port via T3 protocol to invoke the extract method of the ReflectionExtractor class, which allows the execution of system commands.
This module exploits a buffer overflow vulnerability in Advantech WebAccess DATACORE server. This vulnerability can be exploited remotely by sending a specially crafted packet to port 14592.
This module exploits a buffer overflow vulnerability in Advantech WebAccess DATACORE server. This vulnerability can be exploited remotely by sending a specially crafted packet to port 14592.
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
This module crashes the target machine producing a blue screen by sending a specially crafted SMB packet
Integard Pro is prone to a buffer-overflow vulnerability when handling a crafted POST packet.
Citrix Application Delivery Controller (ADC) and Gateway are prone to a directory traversal vulnerability that allows attackers to upload an XML file via newbm.pl and execute system commands.
The srv2.sys driver exposes functionality that allows remote users to write arbitrary memory via specially crafted packet and gain the ability to execute code on the target server.
This module triggers a memory corruption vulnerability in the Remote Desktop Service by sending a malformed packet.
Tenable found an unauthenticated remote code execution vulnerability in the SolarWinds Dameware Remote Mini Remote Client Agent Service (DWRCS.exe) version 12.1.0.89.