A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system.



Input passed to the "ping" parameter in statuswml.cgi is not properly sanitized before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands.



Additional research revealed that this parameter is vulnerable to Cross-Site Request Forgery. This module exploits the XSRF vulnerability in order to install an agent using the command injection vulnerability.

Opera is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

This update add Decouple feature.

The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause a stack-based buffer overflow without user interaction.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits an array indexing vulnerability in Adobe Reader when handling a specially crafted PDF file.

This update adds support for Windows XP SP2, Windows 2000 Professional SP4 and improves reliability when exploiting from browsers.

HT-MP3Player contains a buffer prone to exploitation when handling .HT3 files, which can be exploited to cause a stack-based bufferoverflow via a specially crafted .HT3 file.

Adobe Acrobat Reader, and Flash Player are prone to a remote code-execution

by supplying a malicious Flash (.SWF) file or by embedding a malicious Flash application in a .PDF file.



WARNING: This is an early release module. This is not the final version of this module.

It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value.

This module exploits a vulnerability in Mozilla Firefox 3.5 and installs an agent on the target machine.

This update adds support to mac os x.

Photo DVD Maker contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Photo DVD Maker when handling .PDM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PDM file.

This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.