FedEx Ship Manager (FSM) version 3704 suffers from an insecure use of .NET remoting.
5374eec020dce43a5457b925be44af09e35de3c8bc67ec604ca0b4dc0b6af4deSolarWinds TFTP Server version 11.0.4.101 suffers from a remote unauthenticated reconfiguration vulnerability that could result in code execution.
875755fa3670a1f2faa0470381eb4d5fe1671e54c578c762aea9a129387550d8A remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The vulnerability occurs due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM.
345538a899771c26db9d29a59a3850937177e4ce0cf67f8b2233fabdd208dc60The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.
a6605ae9ea1c50359727048ada7d1a952d239333c8cbb8a3fb4831930530deb9EBBISLAND EBBSHAVE 6100-09-04-1441 suffers from a remote buffer overflow vulnerability.
752c0dd1427815a28ffca2405491b7679ebea46ed02260ee83be0b02302b6008JetBrains TeamCity version 2018.2.4 suffers from a remote code execution vulnerability.
0c3bfaca43dec73060f830e405b2120c3ab1e6d61f374999890652784051cad8Tomcat version 9.0.0.M1 proprietaryEvaluate sandbox escape proof of concept.
6387cb2de359a320bca8b8198ebe1e1860a11299b6b805ab3668970553e0d452Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
2e290ed0460d004995aa5c6beda5de80054af8fec723414b381b7f8d67e3a1a2HID ActivID ActivClient version 7.1.0.202 appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It suffers from multiple denial of service conditions.
47c4613810ea8b2e7bc632eee27806dd5a0491ef7e14a343a6f8613b2e8ece1aHID ActivID ActivClient version 7.1.0.202 may not enforce upper bounds on the size of data received from a smart card, which can lead to attacks such as memory exhaustion, or serve as a heap spraying primitive for other attacks against the software, albeit slowly.
8f152ff2c4f8e62b07f2d5b2c106633d4aa5a263ab60b54c6da64427b460e860RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0. 1 and earlier contain multiple vulnerabilities that could potentially be exploit ed by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information disclosure.
824af128e2d83214afc6cfd21dd6dd7b691bc610075d88c3421407f35c6e5466ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.
545522cd9fdc53bb73cff1f212207e711bdb3b99b915d2982025352ffc2e9200In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.
52544054868c2ef0c003c8317520227934d8c939f448bb6d5e4d362256c9015cOpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability.
64df1022197272561fbf522b26472bc450a0c8b7c4f7cf66729ba27dcad0eadc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed