This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet.



This update improves exploit reliability.

Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent.



This update workarounds a problem when proxying and using HTTPSConnection.

The specific flaw exists within the JOB_S_GetJobByUserFriendlyString function. By sending a crafted packet on TCP port 11460

Solarwinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows attacker to upload an agent via a weekness in the username atribute in settings-new.jsp allowing us to install an agent.

The Usermin Control Panel is vulnerable to command injection due to the function get_signature in usermin/mailbox/mailbox-lib.pl, which calls open() without any prior validation.



This vulnerability allows authenticated users to execute arbitrary code on the affected Usermin versions.

This module exploits, via a "Man In The Middle" attack, a security flaw in the Domain Controller policies downloaded by clients during the logging process



This update adds support to Windows 8.1 and Windows 2012 R2 and improves the network stability.

This module exploits a vulnerability while handling TKEY queries in the BIND service to cause a DoS.

IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash.

This version add encryption.

Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent.

The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer.