The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets.

This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges.

The RTSP protocol authentication in the Zavio F3105 IP camera is disabled by default. This configuration error allows remote attackers to access the live video stream without being asked for credentials.

A buffer overflow vulnerability within the handling of functions that take a URI as a parameter allows arbitrary command execution when a user loads a specially crafted web page.

This update improves the reliability and AV Evasion of Agents generated with modules: . Package and Register Agent . Send Agent by E-Mail . Serve Agent in Web Server

Watermark Master is prone to a buffer overflow vulnerability when handling WCF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted WCF file.

This module exploits a vulnerability in the hypervisor of Hyper-V by sending a crafted hypercall from the "guest OS" to the "host OS".

When the "vmci.sys" driver processes a crafted call from user an array index out of bound is exploited

This module exploits a Use-After-Free vulnerability in Adobe Reader when handling a specially crafted PDF file.



This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.



This update adds Javascript obfuscation to the PDF document and fixes some documentation issues.

The mongo::mongoFind method in MongoDB makes use of uninitialized memory. A remote attacker can fill that memory address with controlled data and then call the vulnerable function in order to execute arbitrary code on the affected server.



This update adds the CVE number.

The mongo::mongoFind method in MongoDB makes use of uninitialized memory. A remote attacker can fill that memory address with controlled data and then call the vulnerable function in order to execute arbitrary code on the affected server.