Maple Computer SNMP Asministrator is prone to a buffer-overflow vulnerability when handling a crafted packet.
File Share Wizard is prone to a buffer-overflow vulnerability when handling a crafted POST packet.
AVEVA InduSoft Web Studio is prone to a remote vulnerability that allows attackers to execute commands under the context of the program user.
Apache Solr is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.
The specific flaw exists within BwPAlarm.dll, which is accessed through the 70603 IOCTL in the webvrpcs process. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JNBridge protocol.
This module exploits a win32k component vulnerability This can be exploited to execute arbitrary code with System privileges. It is working until KB4507004 update 2019/07/08 it is patched in KB4507449 Security Monthly Quality Rollup for Windows 7 x64-based Systems 2019/07/09
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
The -u parameter of sudo can be used to specify a user id if preceded by '#', this module exploits a flaw in how that parameter is handled, when the id -1 is provided sudo will run the command as root even if it is restricted in the sudoers file For this exploit to work, there must be at least one directive in the sudoers file that allows a non privileged user to run a command as any user, thus by exploiting the flaw this command can be ran as root Depending on the configured commands inside the sudoers file, an new privileged agent can be deployed using only those commands. This exploit currently supports deploying the agent when vi or vim are allowed by a directive
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.