The vulnerability is caused due to a boundary error when handling the

"akey" POST parameter related to /goform/activate_doit, which can be

exploited to cause a stack-based buffer overflow via a specially

crafted HTTP request.

JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution.

This vulnerability affects the EJBInvokerServlet component of the server.

The vulnerability resides in parsing crafted Microsoft PowerPoint documents and produces a buffer overflow in the stack, leading to a privilege escalation to System.

This module exploits a vulnerability in Windows Netbios cache by flooding crafted NBNS responses.

RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system.



This update improves the checking of preconditions before launching the attack.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the handling of LeviStudio Project files. By providing an overly long HmiSet Type XML attribute, an attacker can overflow a stack-based buffer and execute arbitrary code in the context of the current process.

The AccessArray function in the VBScript engine of Internet Explorer is prone to a redefinition attack.

By accessing a VBScript array using a specially crafted object as the index, it is possible to resize the array in the middle of the AccessArray function, leaving the array in an inconsistent state, which can be abused by an attacker to execute arbitrary code on systems running vulnerable versions of Internet Explorer.

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.