This exploit takes advantage of a vulnerability that allows attackers to cause ProFTP to execute arbitrary code via a malformed welcome message of the server.
This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This update resolves an issue with how the exploit uses client side cookies.
The RDS.Dataspace ActiveX control includes a method that can create an instance of an ActiveX control that exists on the system. The ActiveX objects created in this manner will bypass the ActiveX security model. In particular, the "safe for scripting" and killbit options are ignored. Note that in default configurations of Internet Explorer, the RDS.Dataspace ActiveX control cannot be loaded in the Internet Zone.
This module exploits a remote command execution vulnerability in DX Studio Player plugin for Firefox via an specially crafted .dxstudio file.
The vulnerability is caused due to a boundary error in the processing of .RAP files. This can be exploited to cause a stack-based buffer overflow by tricking a user into decoding a specially crafted .RAP file.
This update modifies the current NOCVE for the module and adds support for the new Impact 9 Client Side features.
This update modifies the current NOCVE for the module and adds support for the new Impact 9 Client Side features.
Awingsoft Awakening (aka Winds3D) Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website.
PeaZIP allows user-assisted remote attackers to execute arbitrary commands via a compressed archive with a .TXT file whose name contains | (pipe) characters and a command.
BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.
This module exploits a vulnerability in the Microsoft Office Works converter that could allow remote code execution via a specially crafted Works file.
This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in the customdictionaryopen() method in Javascript api. This can be exploited to cause a heap overflow when a specially crafted PDF file is opened.
This update corrects the CVE number for this exploit.
This update corrects the CVE number for this exploit.