This vulnerability revolves around an unchecked integer underflow of the size of a record of type 0x3c, producing a heap overflow, within a Workbook stream in an XLS file handled by Ichitaro.
Disk Savvy server is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Viscosity for Windows suffers from a privilege escalation vulnerability. By abusing the named pipe configuration channel between the client and the underlying service, a local attacker can gain SYSTEM privileges.
A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.
The vulnerability is caused due to the usage of vulnerable collection of libraries that are part of DCMTK Toolkit, specifically the parser for the DICOM Upper Layer Protocol or DUL.
Buffer overflow/underflow can be triggered when sending and processing wrong length of ACSE data structure received over the network by the DICOM Store-SCP service.
Buffer overflow/underflow can be triggered when sending and processing wrong length of ACSE data structure received over the network by the DICOM Store-SCP service.
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms.
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu a local attacker can trigger a kernel arbitrary write and elevate privileges.
This update adds support to Windows 2008 (32 and 64 bits) and Windows 2008 R2 (64 bits)
This update adds support to Windows 2008 (32 and 64 bits) and Windows 2008 R2 (64 bits)
This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server.
This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise caused by improper bounds checking on the login process sent to the built-in web server.
Cisco WebEx extension for Chrome includes an OS command injection vulnerability. This module serves a specially crafted web page using HTTPS. If a vulnerable version of the extension is installed and the web browser connects to Impact's web server, this module will deploys an OS agent.