This module exploits a buffer overflow vulnerability in the Aladdin Knowledge System Ltd PrivAgent.ocx ActiveX Control. The exploit is triggered when the ChooseFilePath() method processes a long string argument resulting in a stack-based buffer overflow.
This module exploits a vulnerability in the ntractivex118.dll module included in the NTRglobal NTR Activex Control application. The exploit is triggered when the StopModule() method processes a crafted argument resulting in a buffer overflow.
A buffer overflow exists within the dpwinsdr.exe process, which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x330 message packets to the target.
HP Data Protector Express is prone to a buffer overflow caused by insecure handling of folder names in the dpwindtb.dll component.
This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request.
This update fixes an issue when using InjectorEgg.
This update fixes an issue when using InjectorEgg.
A buffer overflow in the ISSymbol ActiveX control in ISSymbol.ocx in Advantech Studio allows remote attackers to execute arbitrary code via a long String argument in the InternationalOrder method.
A format string vulnerability in the nsrd RPC service within EMC NetWorker allows remote attackers to execute arbitrary code via format string specifiers in a crafted message.
The best practice for installations of EMC Replication Manager is to register a Replication Manager Client (irccd.exe) instance with the appropriate Replication Manager Server (ird.exe) as soon as the client software is installed on a host.
Registration is performed by Replication Manager administrators from within the Replication Manager Server.
In the window before a Replication Manager Client instance is registered with a Replication Manager Server, remote unauthenticated attackers can invoke the RunProgram function of the client instance with arbitrary arguments in order to execute arbitrary code with SYSTEM privileges on the vulnerable machine.
This module exploits this misconfiguration scenario in order to install an agent on machines running still-unregistered instances of EMC Replication Manager Client.
On Intel CPUs, a sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer is set to the guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with system privileges.
This update fixes an issue in the documentation.
This update fixes an issue in the documentation.
This update fixes the failure when running this module on multiple systems.