The specific flaw exists within the handling of XML files. When parsing the ShortMessage SMtext element, the process does not properly validate the length of user-supplied data prior to copying it to a buffer.
Unauthenticated remote command injection vulnerability in Indusoft Web Studio 8.1 SP2. The vulnerability is exercised via the custom remote agent protocol that is typically found on port 1234 or 51234. An attacker can issue a specially crafted command 66 which causes IWS to load a DB connection file off of a network share using SMB. The DB file can contain OS commands that will be executed at the privilege level used by IWS.
This update adds support for Windows 7 SP1 x64.
The Solarwinds Dameware Mini Remote Client agent supports smart card authentication by default which allows a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable.
A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.
This update adds automatic core name detection and newer supported versions.
This update adds automatic core name detection and newer supported versions.
A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.
A Buffer Overflow exists when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files.
The flaw exists in the GetUserPasswd function in BwPAlarm.dll due to improper validation of user-supplied data before copying the data to a fixed size stack-based buffer when processing an IOCTL 70603 RPC message.
By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.
This module performs a bypass of CVE-2019-9848 by using global script events.
This module performs a bypass of CVE-2019-9848 by using global script events.
Check Point Endpoint Security includes data security, network security, advanced threat prevention, forensics, and remote access VPN solutions.
Some parts of the software run as a Windows service executed as ''NT AUTHORITY\SYSTEM,'' which provides it with very powerful permissions, this vulnerability can be exploited to achieve privilege escalation, gaining access with NT AUTHORITY\SYSTEM level privileges.
Some parts of the software run as a Windows service executed as ''NT AUTHORITY\SYSTEM,'' which provides it with very powerful permissions, this vulnerability can be exploited to achieve privilege escalation, gaining access with NT AUTHORITY\SYSTEM level privileges.