The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
The PAM MOTD module in Ubuntu does not correctly handle path permissions when creating user file stamps. A local attacker can exploit this to gain root privileges.
This update improves the reliability of the exploit.
This update improves the reliability of the exploit.
The specific flaw exists within the way the ActiveX Control parses data supplied to the RunAndUploadFile function. The ActiveX control is used to create an Asset Information file for the local system to be uploaded to the IBM Tivoli Provisioning Manager Express Server.
IBM Personal Communications is prone to a stack based buffer overflow when parsing a malformed WS file. This module exploits this flaw to archive a clientside code execution.
KingView Scada is vulnerable to a buffer overflow error in the HistorySvr.exe module when processing malformed packets sent to port 777/TCP.
This update adds new indirection using shell32.dll version 6.0.0.2900.5512.
This update adds new indirection using shell32.dll version 6.0.0.2900.5512.
The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field.
This update ensures that the program receives all data.
This update ensures that the program receives all data.
This module triggers a memory corruption vulnerability in the Remote Desktop Service by sending a malformed packet to the 3389/TCP port.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some
situations. Since this module is not the final version it may contain bugs
or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some
situations. Since this module is not the final version it may contain bugs
or have limited functionality and may not have complete or accurate documentation.
Microsoft Expression Design is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .DESIGN file.
This is an early release module. This is not the final version of this module.It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This is an early release module. This is not the final version of this module.It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
Due to insuficient checks when accessing the memory of a process vi /proc/PID/mem the linux kernel is prone to a privilige escalation.
Argument injection vulnerability in the URI handler in Java Deployment Toolkit allows remote attackers to execute arbitrary code via the -J argument to javaws.exe, which is processed by the launch method.