The Admin framework in Apple OS X contains a hidden backdoor API to gain root privileges. A local user can exploit this flaw in the checking of XPC entitlements.
This module exploits a vulnerability in "Windows Secondary Logon Service" when it fails to properly manage request handles in memory. As a result, a system thread handle is obtained.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the XStream Java library. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
Exim installations compiled with Perl support do not sanitize the environment before loading a Perl script defined with the perl_startup setting in the Exim config file. This can be exploited by malicious local attackers to gain root privileges.
The Filter function of the VBScript engine in Microsoft Internet Explorer is prone to a type confusion vulnerability when processing specially crafted parameters. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a specially crafted website. In order to bypass ASLR, this module also exploits a memory disclosure vulnerability from the same Microsoft security bulletin. This second vulnerability exists in the IE JavaScript engine when dealing with ArrayBuffer objects.
The specific flaw exists within the implementation of the 0x13C83 opcode in the webvrpcs Service BwWebSvc.dll. A stack-based buffer overflow vulnerability exists in a call to sprintf. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
This module exploits a vulnerability in the NVIDIA Stereoscopic 3D Driver Service. It will wait for users to log in on the target system, installing agents for every user, until it is able to install an agent for a user in the Built-in Administrators group.
The amd64_set_ldt() function in sys/amd64/amd64/sys_machdep.c in the FreeBSD kernel code is prone to an integer signedness error when processing a system call with specially crafted parameters originating from user space. This issue ultimately leads to a kernel heap overflow, which can be used by unprivileged local attackers to cause a kernel panic and crash the machine.
This module exploits a SQL injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors.
A vulnerability exists in the FileUpload2Controller servlet. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.