This module exploits a vulnerability in srv2.sys via a SMB 2 malformed packet.



This Update adds support for attacking over IPv6 and additional support for Windows Server 2008

This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.



This update fixes some issues related with an updated library.

Support for various platforms was added.

This module exploits a vulnerability present in PineApp Mail-SeCure. The specific flaw exists within the component ldapsynchnow.php, which lacks proper sanitization, thus allowing command injection.

Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.



This update changes the default connection method for the module.

This module exploits a buffer overflow vulnerability present in Nginx by bypassing the stack cookie protection and by reordering the TCP packets to make it reliable.

This module exploits a file disclosure vulnerability on Foscam IP cameras. Due to improper access restrictions, it is possible for a remote unauthenticated attacker to read arbitrary files from the /tmpfs/ and /log/ directories. This can be exploited to obtain valuable information such as access credentials, Wi-Fi configuration and other sensitive information in plain text.

The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server. This update adds CVE Number.

The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability.

Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81.

Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows.