A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
The specific flaw exists within the edit_lf_process function of the service. The issue lies in in the ability to write arbitrary files with controlled data. This vulnerability is related to Reprise License Server so all the products that uses this 3rd party software might be vulnerable.
The specific flaw exists within the activate_doit function of the service. The issue lies in the handling of the Reprise License Menager server akey parameter which can result in overflowing a stack-based buffer.
ManageEngine OpManager is vulnerable to abuse a SQL query functionality that allows attackers to insert and export a crafted WAR using 'IntegrationUser' hidden account credentials allowing us to install an agent.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By opening a JRMP listener, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.
JBoss Application Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer java class, wich allows the execution of system commands.
The specific flaw exists in ELCSimulator.exe when handling specially crafted TCP packets.
Atlassian Bamboo is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.
This module exploits a vulnerability in win32k.sys by creating special Windows menus with crafted parameters.
This module exploits a design flaw in Microsoft Windows. By spoofing NBNS responses, an unprivileged user can abuse a local HTTP->SMB credentials reflection vulnerability to install an agent. If that approach fails, on supported platforms the exploit falls back to a local WEBDAV->SMB credential reflection (MS16-075).