This module exploits a vulnerability in srv.sys when it executes a rename command in a shared folder using a long pathname.



WARNING: This is an early release module.

This is not the final version of this module.

It is a pre-release version, provided in order to deliver a module that may be useful in some situations to our customers as quickly as possible.

Since this module is not the final version, it may contain bugs or have limited functionality, and may not have complete or accurate documentation.

A vulnerability has been identified in ISC BIND that could be exploited by remote attackers to cause a denial of service. The issue is caused by the "dns_db_findrdataset()" function failing when the prerequisite section of a dynamic update message contains a record of type "ANY" and at least one RRset for this FQDN exists on the server. This could allow attackers to cause a vulnerable server to exit when it receives a specially crafted dynamic update message sent to a zone for which the server is the master.



This update adds more supported platforms to the exploit.
This module exploits a heap-based buffer overflow in Microsoft SQL Server by sending a specially crafted SQL query. This update adds support for executestatement() functionality within the WebApps vector.



It has two uses: one as a Remote Exploit, which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target.

The vulnerability is caused by the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited, for example, to execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number.

The vulnerability is caused by a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially crafted password to the affected server.