This module exploits a file upload vulnerability in the LANDesk Lenovo ThinkManagement Console. Unrestricted file upload in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request.
The flaw exists within the sccfut.dll component which is used by
multiple vendors. The process copies the target of a crafted tag to a local stack buffer.
multiple vendors. The process copies the target of a crafted tag to a local stack buffer.
This module exploits a vulnerability in McAfee Virtual Technician MVTControl, which can be abused by using the GetObject() function to load unsafe classes, therefore allowing remote code execution under the context of the user.
This module allows remote attackers to place arbitrary files on a users file system by abusing the "saveXML" method from the "XMLSimpleAccessor" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs.
A buffer overflow vulnerability exists in ispVM when processing crafted .XCF files can be exploited via an overly long version value within the ispXCF tag.
A boundary error exists in the WebPlayer ActiveX control when processing the "SRC" property with an overly long string.
The vulnerability is caused due to a boundary error when processing the tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string.
The DiagTraceR3Info function of the disp+work.exe component of SAP Netweaver is prone to a remote buffer overflow when the work process trace level is set to values 2 or 3 for the Dialog Processor component. This vulnerability can be exploited to execute arbitrary code on the vulnerable machine by sending a specially crafted packet containing ST_R3INFO CODEPAGE items.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.