Oracle Coherence (Caching, CacheStore and Invocation Components) is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the Coherence port via T3 protocol to invoke the extract method of the ReflectionExtractor class, which allows the execution of system commands.
This module exploits a buffer overflow vulnerability in Advantech WebAccess DATACORE server. This vulnerability can be exploited remotely by sending a specially crafted packet to port 14592.
This module exploits a buffer overflow vulnerability in Advantech WebAccess DATACORE server. This vulnerability can be exploited remotely by sending a specially crafted packet to port 14592.
A Race Condition bug exists in SearchIndexer.exe, and can be triggered by the access to a shared variable between two different methods of the same instance.
The ene.sys driver before v1.00.17 in Trident Z Lighting Control exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.
The BITS service exposes functionality that allows low-privileged users to write arbitrary files and elevate system privileges.
The update functionality of the Cisco AnyConnect Secure Mobility Client for Windows is affected by a path traversal vulnerability that allows local attackers to create/overwrite files on arbitrary locations and gain system privileges with an uncontolled serach path vulnerability.
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapLockedPages and MmBuildMdlForNonPagedPool.
A stack-based buffer overflow in WECON LeviStudioU allows an attacker to execute arbitrary code via crafted .XML file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.