This module sends HTTP requests with specially crafted data making the

PHP interpreter to consume lot of resources. This attack prevents the

victim server from processing requests from legitimate clients and

probably will make the server non-operational.



This is update fixes an issue when launching the module from an agent running in a linux system.

This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site.



The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable machine.

This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests.

This update add CVE.

There is a buffer overflow vulnerability in the administration web server for GoodTech Telnet Server which allows remote attackers to execute arbitrary code via a long string to port 2380.

This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port.

A buffer overflow exist in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd).

An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the FreeFTPdService.exe process.

This module sends HTTP requests with specially crafted data making the

PHP interpreter to consume lot of resources. This attack prevents the

victim server from processing requests from legitimate clients and

probably will make the server non-operational.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The flaw exists in the Remote Agent (CEServer.exe) that listens by default on TCP port 4322, the process can not perform any authentication and copy the packages designed to a fixed size buffer.

This module sends HTTP requests with specially crafted data making the ASP.NET subsystem consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.