This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of IPv6 packets with a specially crafted Router Advertisement ICMP packet.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs

or have limited functionality and may not have complete or accurate documentation.

The vulnerability is caused due to a boundary error when handling some commands. This can be exploited to cause a stack-based buffer overflow via an overly long command string, passed to the affected server.

This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of TCP/IP packets with a specially crafted Selective Acknowledgement (SACK) values.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs

or have limited functionality and may not have complete or accurate documentation.

This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. This update adds support for more WireShark versions.

This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet.

This module exploits a stack overflow in Serv-U Web Client by sending a specially crafted POST request.

phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.

The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server.

A buffer overflow vulnerability was found in the SYS_CONTEXT procedure in

Oracle Database Server allows a valid database user to execute arbitrary

code.



The vulnerability can be exploited by any valid database user with CONNECT privileges. The buffer overflow can then be exploited by calling the SYS_CONTEXT() function.



This module has two uses: One as a Remote Exploit, which needs authentication, and another as an SQL Injection OS Agent installer module, which needs an Oracle SQL Agent as a target.

The vulnerability is caused due to a boundary error in the processing of eDonkey "OP_LOGINREQUEST" packets. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet to the ed2k port of an affected system.