Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/wmi_domain_controllers resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/testConfiguration resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Solarwinds Virtualization Manager is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
OpenNMS Platform is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By opening a JRMP listener, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.
JBoss Application Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer java class, wich allows the execution of system commands.
Cisco Prime Infrastructure is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the xmpDataOperationRequestServlet servlet. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
This module exploits a vulnerability in the Linux kernel related to the netfilter target_offset field. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges.
This module exploits a user-after-free vulnerability in the Linux Kernel. When bpf(BPF_PROG_LOAD, ...) was invoked with a BPF program whose bytecode references a non-map file descriptor as a map file descriptor, the error handling code called fdput() twice instead of once (in __bpf_map_get() and in replace_map_fd_with_map_ptr()). If the file descriptor table of the current task is shared, this causes f_count to be decremented too much, allowing the struct file to be freed while it is still in use (use-after-free). This can be exploited to gain root privileges by an unprivileged user.
Pagination
- Previous page
- Page 23
- Next page