This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing VX Search Web Server. The vulnerability is caused due to a boundary error within VX Search Web Server when processing HTTP command name POST Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
This vulnerability allows local attackers to escalate privileges on vulnerable installations of MalwareFox Antimalware. An attacker must first obtain the ability to execute normal privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of crafted IOCTL by the zam64.sys kernel driver. The issue lies in the failure to properly validate user-supplied data which can allows a non-privileged process to register itself. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. This module will elevate the privileges of the current agent instead of installing a new one.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A Buffer Overflow exists in AllPlayer when parsing .m3u files. The vulnerability is caused due to a boundary error when handling a crafted .m3u files.
HPE Operations Orchestration Central is prone to a remote vulnerability that allows attackers to take advantage of an improper validation of user-supplied data, which can result in deserialization of untrusted data in OOHttpInvokerServiceExporter. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
Microsoft Office is prone to a memory corruption vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .RTF document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a stack overflow vulnerability in "kwatch3.sys" by calling to IOCTL 0x80030004 function with crafted parameters.
This module exploits a buffer overflow on Sync Breeze Formats plugin when parsing a specially crafted .XML file. After the file is downloaded, the user must open it from the application, clicking on the Command option in the menu bar (or right clicking in the middle window), then choosing Import Command ... and selecting the file.
A stack overflow found in CloudMe Sync by supplying a malformed network request.
HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an improper validation of user-supplied data, which can result in deserialization of untrusted data in WebDMDebugServlet. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.