HP Data Protector Express is prone to a buffer-overflow when handling folder names in an insecure way by the dpwindtb.dll component.
This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request.
This update fixes an issue when using InjectorEgg.
This update fixes an issue when using InjectorEgg.
This module exploits a default password vulnerability in Symantec Messaging Gateway.
Buffer overflow in the ISSymbol ActiveX control in ISSymbol.ocx in Advantech Studio allow remote attackers to execute arbitrary code via a long String argument in the InternationalOrder method.
A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message.
This fixes a misspelling in the identity.xml file.
Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable.
The best practice for installations of EMC Replication Manager is to register a Replication Manager Client (irccd.exe) instance with the appropiate Replication Manager Server (ird.exe) as soon as the client software is installed on a host.
Registration is performed by Replication Manager administrators from within the Replication Manager Server.
In the time span exposed before registering a Replication Manager Client instance with a Replication Manager Server, the RunProgram function of the Replication Manager Client instance can be invoked with arbitrary arguments by remote unauthenticated attackers in order to execute arbitrary code with SYSTEM privileges on the vulnerable machine.
This module exploits this misconfiguration scenario in order to install an agent on machines running still unregistered instances of EMC Replication Manager Client.
Registration is performed by Replication Manager administrators from within the Replication Manager Server.
In the time span exposed before registering a Replication Manager Client instance with a Replication Manager Server, the RunProgram function of the Replication Manager Client instance can be invoked with arbitrary arguments by remote unauthenticated attackers in order to execute arbitrary code with SYSTEM privileges on the vulnerable machine.
This module exploits this misconfiguration scenario in order to install an agent on machines running still unregistered instances of EMC Replication Manager Client.
Test a web page's parameters trying to detect potential SQL Injection vulnerabilities.
this update is for 12.5.
this update is for 12.5.
On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with system privileges.
This update fixes an issue in the documentation.
This update fixes an issue in the documentation.