This module exploits a vulnerability in win32k.sys by loading a Printer Font Metric (PFM) file associated to an empty Printer Font Binary (PFB) file.
This module exploits an exceptional condition in "lsasrv.dll" by sending a crafted "Session Setup Request" SMBv1 or SMBv2 packet that is affected during the NTML Auth message.
This module exploits a "use after free" vulnerability in xul.dll.
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu a local attacker can trigger a kernel arbitrary write and elevate privileges.
This module exploits an exceptcional condition in "lsasrv.dll" by sending a crafted "Session Setup Request" SMBv1 or SMBv2 packet that is affected during the NTML Auth message.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
Argument injection vulnerability in the URI handler in Java Deployment Toolkit allows remote attackers to execute arbitrary code via the -J argument to javaws.exe, which is processed by the launch method.
A buffer overflow in libtelnet/encrypt.c in Inetutils and Heimdal implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. This update adds support for Debian and newer FreeBSD platforms.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.