A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
JMS Object messages within Apache ActiveMQ depend on Java Serialization for marshaling/unmashaling of the message payload. This lead to execution of untrusted code when a specially crafted object is received.
This update introduces an exploit that will attempt to connect using the STOMP protocol and abuse the vulnerability to execute a Core Impact agent in the vulnerable system.
This update introduces an exploit that will attempt to connect using the STOMP protocol and abuse the vulnerability to execute a Core Impact agent in the vulnerable system.
The specific flaw exists within the processing of network TCP requests by ELCSimulator.exe. A crafted request will cause a stack buffer overflow.
Microsoft Windows is prone to a stack-based buffer-overflow vulnerability in the Windows Graphics Rendering Engine because the software fails to perform adequate boundary-checks on user-supplied data.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This update improves the exploit reliability.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This update improves the exploit reliability.
A heap overflow in the ActiveX control qp2.cab in IBM Lotus Quickr for Domino allows remote attackers to execute arbitrary code via a crafted argument to the Attachment_Names method.
This update reduces user interaction, automating the focus of the mouse in the created window object.
This update reduces user interaction, automating the focus of the mouse in the created window object.
This module exploits a vulnerability in Microsoft Windows MRXDAV.SYS driver. This vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges in a vulnerable target.
This module exploits a vulnerability in the Linux kernel related to the netfilter target_offset field. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges.
Internet Explorer is prone to a use-after-free vulnerability when trying to access the ArrayBuffer that was backing a Typed Array after it has been detached by transferring it to a Web Worker by calling the postMessage() function.
This vulnerability can be abused by an attacker to execute arbitrary code on systems running vulnerable versions of Internet Explorer.
This vulnerability can be abused by an attacker to execute arbitrary code on systems running vulnerable versions of Internet Explorer.
The vulnerability is caused due to the application loading a library
(riched20.dll.dll) in an insecure manner. This can be exploited to
load arbitrary libraries by tricking a user into e.g. opening a e.g.
".pcap" file located on a remote WebDAV or SMB share.
(riched20.dll.dll) in an insecure manner. This can be exploited to
load arbitrary libraries by tricking a user into e.g. opening a e.g.
".pcap" file located on a remote WebDAV or SMB share.
Action Pack in Ruby on Rails allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.