The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp.
The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer.
The specific flaw exists within the handling of HSC files. When parsing the IndirectAddrR attribute, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator.
D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.
This update fixes vulnerability URLs
The specific flaw exists within the dbman service, which listens on TCP port 2810 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM.
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability.
A buffer overflow exists when parsing .wav files. The vulnerability is caused by a boundary error when handling a crafted .wav file.
ABB Panel Builder is prone to a heap overflow when handling specially crafted .PBA files.