Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.



This update adds windows 7 support.

This module exploits a buffer overflow vulnerability in Quick TFTP Server Pro when processing a very large mode field in a read or write request.

A vulnerability in Kolibri Webserver is caused by a buffer overflow error when handling overly long HEAD requests. This action could allow remote unauthenticated attackers to compromise a vulnerable web server via a specially crafted request.

The internal string handling functions of the Exim software contain a function called string_format(). The version of this function included with Exim versions prior to 4.70 contains a flaw that can result in a buffer overflow. This module exploits the vulnerability to install an agent. Additionally, this module also attempts to exploit the Alternate Configuration Privilege Escalation Vulnerability in Exim (CVE-2010-4345). If the second exploit is successful, the agent is installed with root privileges.

This module exploits a vulnerability in the WireShark ENTTEC dissector by sending a specially crafted UDP packet.

This package fixes a bug in the Apache chunked encoding exploit.

This vulnerability on installations of Golden FTP Server is due to a boundary error with the handling of passwords. This can be exploited to cause a stack-based buffer overflow via the use of overly long, specially-crafted passwords passed to the affected server.

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting.

This module exploits a Remote Code Execution vulnerability in Mantis

version 1.1.3 when handling the sort parameter in manage_proj_page without

the proper validation that leads to a remote code execution on Mantis' Web

server.

This update adds support for the OSX platform.

FreeFloat FTP server is prone to a buffer-overflow vulnerability when handling overly long replies.