A stack-based buffer overflow in WECON LeviStudioU Editor allows an attacker to execute arbitrary code via crafted .UMP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

CMS Made Simple is vulnerable to an authenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.

The vulnerability is caused due to a boundary error when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension.

This module exploits an uninitialised stack variable vulnerability in "nxfs.sys" by calling to DeviceIoControl function using IOCTL 0x00222014 and 0x00222030 with crafted parameters.

This exploit executes code at a user-defined (local) path as SYSTEM, when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer.

This module uses a OS Command Injection vulnerability present in Cisco UCS Manager ping function to gain arbitrary code execution on the affected system.

This module uses a Privilege escalation vulnerability in QNAP Qcenter Virtual Appliance and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.

This module exploits a double free when parsing a specially crafted .PDF file.

This module uses an Authentication Bypass vulnerability in Apache CouchDB and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.