The specific flaw exists within the dbman.exe service, which listens on TCP port 2810 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.

Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection which allows attackers the execution of system commands.

This module exploits a vulnerability in Microsoft Office Word. The flaw is related in how Microsoft Word handles OleLink objects. It is possible to open a RTF file and execute arbitrary code in vulnerables installations of Microsoft Office Word.



This vulnerability was originally seen being exploited in the wild starting in October 2016.



This module adds support for Microsoft Office 2010, Microsoft Office 2013 and Microsoft Office 2016.

This module installs a level0 agent by writing a .so library and requesting an open pipe on the remote host.

This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors.

This module uses an arbitrary file upload vulnerability in Magento eCommerce Web Sites to gain arbitrary code execution on the affected system.

Authentication is required to access the administrative panel.

An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

This module exploits the ms17-010 vulnerability by taking advantage of a remote pool overflow in the smb transaction handling code of the windows smb driver.

Use After Free in Microsoft Office allows remote attackers to execute arbitrary code via crafted EPS file in an Office document, leading to improper memory allocation.

This module uses a directory traversal vulnerability in the file import feature in Nuxeo Platform CMS to upload a JSP to gain arbitrary code execution on the affected system.