CVE-2016-3635

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity UCON access control list and execute arbitrary Remote Function Modules RFM by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...

Design/Logic Flaw

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity UCON access control list and execute arbitrary Remote Function Modules RFM by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...

CVE-2016-3635

CVE-2016-3635 affects SAP NetWeaver 7.4. Remote authenticated users can bypass the Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by using a connection created from an earlier execution of an anonymous RFM included in a Communication Assembly (...

CVE-2007-5248

CVE-2007-5248 affects the ID Software Doom 3 engine (Doom 3 1.3.1 and earlier; Quake 4 1.4.2 and earlier; Prey 1.3 and earlier) when Punkbuster (PB) is enabled. The vulnerability arises from format string handling in two PB packets (PB_Y to YPG server; PB_U to UCON), enabling remote attackers to ...

CVE-2007-5249

CVE-2007-5249 describes multiple buffer overflows in the Unreal Engine logging function (used by America’s Army and America’s Army Special Forces 2.8.2 and earlier) that occur when PunkBuster is enabled, allowing remote DoS via long PB_Y (to YPG on UDP 1716) or PB_U (to UCON on UDP 1716) packets....

CVE-2007-5247

Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon F.E.A.R. 1.08 and earlier, when Punkbuster PB is enabled, allow remote attackers to execute arbitrary code or cause a denial of service daemon crash via format string specifiers in 1 a...