This module exploits a vulnerability in the Microsoft Windows MRXDAV.SYS driver. This vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges on a vulnerable target.
This module exploits a vulnerability in the Linux kernel related to the netfilter target_offset field. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges.
The ioctl handler in the atkbd keyboard driver in FreeBSD is prone to a signedness error, which can lead to a buffer overflow in the kernel when processing a SETFKEY ioctl message with specially crafted values. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. To reach the vulnerable code in the keyboard driver, the exploit needs a virtual terminal (/dev/ttyv*) allocated for the user under which the initial agent is running. Virtual terminals are allocated when a user logs into the physical machine, as opposed to pseudo-terminals (/dev/pts/*), which are allocated when accessing a system via an SSH shell, for example. This module can be configured to keep waiting for an accessible virtual terminal by setting the Advanced/TIME LIMIT parameter to the desired maximum number of minutes to wait.
Wireshark is prone to a vulnerability that may allow execution of riched20.dll.dll if this module is located in the same folder as the .PCAP file.
The specific flaw exists in the handling of LeviStudio Project files. By providing an overly long HmiSet Type XML attribute, an attacker can overflow a stack-based buffer and execute arbitrary code in the context of the current process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability exists within the AxEditGrid ActiveX control's Insert property. This module runs a web server waiting for vulnerable clients (Internet Explorer 8) to connect to it.
An arbitrary write in Rockwell Automation Connected Components Workbench allows remote attackers to execute arbitrary code. This module runs a web server waiting for vulnerable clients (Internet Explorer 11) to connect to it.
When this module receives a special NBNS request, it starts answering the client by flooding it with responses that carry the name specified by the "NAME TO BE SPOOFED" parameter and the IP address specified by the "NAME's IP TO BE SPOOFED" parameter. When three NBNS request packets are received from the target, this module answers the request by sending responses to the target for 'n' seconds (parameter "Flooding time per target connection"). After that, if an HTTP request for "/lala2.bmp" is received, it means the target was convinced to use the spoofed name sent during the attack. When this happens, the module confirms that the attack was successful.
The AccessArray function in the VBScript engine of Internet Explorer is prone to a redefinition attack. By accessing a VBScript array using a specially crafted object as the index, it is possible to resize the array in the middle of the AccessArray function, leaving the array in an inconsistent state, which can be abused by an attacker to execute arbitrary code on systems running vulnerable versions of Internet Explorer.
Internet Explorer is prone to a use-after-free vulnerability when trying to access the ArrayBuffer that was backing a Typed Array after it has been detached by transferring it to a Web Worker by calling the postMessage() function. This vulnerability can be abused by an attacker to execute arbitrary code on systems running vulnerable versions of Internet Explorer.