This module exploits a format string vulnerability in Microsoft Windows "Print Spooler" service.

This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.

The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected.

This update adds the correct CVE number.

This module exploits a command injection vulnerability in WebCalendar prior to 1.2.4 in order to install an agent.

A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets.

This module exploits a heap overflow vulnerability in Samba Server by sending a crafted request packet via DCERPC call.



This update adds support to Debian 5 (32 bits and 64 bits).

Invision Power Board is vulnerable to a remote code execution due to the use of the unserialize method on user input passed through cookies without a proper sanitization.

The specific flaw exists because Avaya IP Office Customer Call Reporter allows to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are saved has no scripting restrictions.

A security vulnerability was found in the VMware vSphere Hypervisor (ESXi)

subsystem, allowing an unauthenticated remote DoS. The vulnerability could

allow denial of service if a specially crafted request is sent to the

vSphere API by an unauthenticated user.

A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message.

This update adds Linux Support.