A vulnerability exists in the FileUpload2Controller servlet. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
The specific flaw exists in fsws.exe (Easy Fila Sharing server) when handling specially crafted GET requests.
The Adobe updater service, armsvc, exposes 2 service codes and a shared memory section. Those elements combined, allow a local attacker to execute code as SYSTEM.
A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution.
A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
The specific flaw exists within the implementation of the 0x280B opcode in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
VMware vCenter Server is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.
ManageEngine EventLog Analyzer is vulnerable to abuse a SQL query functionality that allows attackers to insert and export a crafted JSP using 'guest' credentials allowing us to install an agent.
A vulnerability in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to trigger buffer overflow. This allows unprivileged local user to cause an invalid dereference in kernel mode, which produces a BSoD.
Microsoft Word is prone to a vulnerability that may allow execution of a remote dll.