Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp.
The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer.
The specific flaw exists within the handling of HSC files. When parsing the IndirectAddrR attribute, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator.
D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.
This update fixes vulnerability URLs
The specific flaw exists within the dbman service, which listens on TCP port 2810 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM.
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability.
A buffer overflow exists when parsing .wav files. The vulnerability is caused by a boundary error when handling a crafted .wav file.
ABB Panel Builder is prone to a heap overflow when handling specially crafted .PBA files.
Opsview Web Management console allows an authenticated administrator to test notifications that are triggered under certain configurable events.
The 'value' parameter is not properly sanitized, leading to an arbitrary command injection executed on the system with nagios user privileges.