Oracle WebLogic Server is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the RMI Registry to load a UnicastRef Object, wich allows the execution of system commands.
The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem in VdBroadWinGetLocalDataLogEx. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
Delta Industrial Automation COMMGR is prone to a buffer-overflow vulnerability when handling a crafted packet.
Advantech WebAccess is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
DiskBoss Enterprise is prone to a buffer-overflow vulnerability when handling a crafted packet, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
DiskSavvy server is prone to a buffer-overflow vulnerability (using port 9124), this can trigger an overflow in a finite-sized internal memory buffer, and install an agent.
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. DiskPulse server is prone to a buffer-overflow SEH vulnerability (using port 80).
DiskBoss server is prone to a buffer-overflow vulnerability (using port 80), this can trigger an overflow in a finite-sized internal memory buffer, and install an agent.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing VX Search Web Server. The vulnerability is caused due to a boundary error within VX Search Web Server when processing HTTP command name POST Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
A stack overflow found in CloudMe Sync by supplying a malformed network request.
Pagination
- Previous page
- Page 10
- Next page