This module exploits a buffer overflow when parsing a specially crafted .ZIP file.
The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem in VdBroadWinGetLocalDataLogEx. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The specific flaw exists within the processing of FLN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
Delta Industrial Automation COMMGR is prone to a buffer-overflow vulnerability when handling a crafted packet.
This module exploits a buffer overflow when parsing a specially crafted .XML file. After the file is downloaded, the user must open it from the application, clicking on the Command option in the menu bar (or right clicking in the middle window), then choosing Import Command ... and selecting the file.
PhpCollab is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.
Advantech WebAccess is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
The vulnerability is caused due to a boundary error in DVD X Player when handling .PLF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension from the open playlist.
DiskBoss Enterprise is prone to a buffer-overflow vulnerability when handling a crafted packet, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.