983 matches found
Hewlett-Packard Virtual User Generator EmulationAdmin Service Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exposed EmulationAdminSoapBinding web service. The issue lies in the...
CA ERwin Web Portal MIMM ConfigServiceProvider Information Disclosure Vulnerability
This vulnerability allows remote attackers to read database credentials on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta...
CA ERwin Web Portal MIMM ProfileIconServlet Multiple Information Disclosure Vulnerabilities
This vulnerability allows remote attackers to read arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta Integration W...
HP Business Process Monitor tp_bpm_admin.exe Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Business Process Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the tpbpmadmin.exe server which listens by default...
HP Virtual User Generator EmulationAdmin Service copyFileToServer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationAdmin web service. This service exposes...
Microsoft Windows TTF CMAP Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
Microsoft Windows win32k.sys Privilege Escalation Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must run a malicious executable. The specific flaw exists within the handling of Dynamic Data Exchange...
(Pwn2Own) Microsoft Windows NtUserMessageCall Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
HP System Management Homepage JustGetSNMPQueue Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "HP System...
HP System Management Homepage JustGetSNMPQueue Command Injection
This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue found in ginkgosnmp.inc, which will be used in a exec function. This results in...
Oracle MySQL For Microsoft Windows MOF Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle MySQL for Microsoft Windows MO...
ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM SQLi (MSF)
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within SemSvc.exe which listens by default on TCP port 8443 https. The SemSvc...
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Citrix Provisioning Services 5.6 SP1...
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow
This module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 without Hotfix CPVS56SP1E043 by sending a malformed packet with the opcode 0x40020006 GetObjetsRequest to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been...
Solarwinds Storage Manager 5.1.0 SQL Injection
This module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. This module requires Metasploi...
Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP...
Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP...
HP Power Manager 'formExportDataLogs' Buffer Overflow
This module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message which contains the fileName, which may result in arbitrary remote code...
Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the serve...