The code that handles the 'Range' HTTP header in the HTTP.sys driver in Microsoft Windows, which is used by Internet Information Services (IIS), is prone to an integer overflow vulnerability when processing a specially crafted HTTP request with a very long upper range.



This integer overflow vulnerability can be leveraged to generate a memory disclosure condition, in which the HTTP.sys driver will return more data than it should from kernel memory, thus allowing remote unauthenticated attackers to obtain potentially sensitive information from the affected server.

This module exploits, via a "Man In The Middle" attack, a security flaw in the Domain Controller policies downloaded by clients during the logging process

This module exploits a vulnerability in the ClearSCADA Server service by sending a malformed packet to the 5481/TCP port to crash the application.



This Update increases the MAX TRIES default value because it has not been reliable.

The specific flaw exists within FastBackMount.exe which listens by default on TCP port 30051. When handling opcode 0x09 packets, the process blindly copies user supplied data into a stack-based buffer within CMountDismount::GetVaultDump. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

This exploit add support for x86_64.

A cross-site scripting vulnerability exists in the comments rendering in Wordpress 4.1.1 and previous versions. This exploit abuses a persistent cross site scripting vulnerability in Wordpress to install an OS Agent in the server running the Wordpress installation. This update includes a module that posts a comment with the cross site scripting code as a comment in a Wordpress post. The javascript code will attempt to install a Wordpress plugin everytime the post comment is rendered. The plugin will in turn install an OS agent in the server running Wordpress.



This update adds the option to use the module in a verification mode, so a comment can be posted to verify if it would be moderated with the current webapps scenario in use.

The AVG Administration Server is vulnerable to arbitrary configuration settings. Due to insufficient input validation, an attacker can use the StoreServerConfig command (command id 0x27) to set the value of the ClientLibraryName parameter to a UNC path. The provided value can be a path to a network share containing a malicious .dll file. This .dll file will be executed in the context of the AVG Administration Server service which runs as SYSTEM.

Oracle Database Server Core RDBMS component is prone to a remote vulnerability that allows attackers to exploit a stack-based buffer overflow in the EXECUTE procedure of DBMS_AW.

Using an overly long parameter in the CDA command with the previous procedure, a stack-based buffer overflow will occur, overwriting the saved return address.

This module requires database user credentials with 'Create Session' privilege.

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

The KVMTest method in the com.ubuntu.USBCreator D-Bus service in Ubuntu Linux can invoke the kvm binary with root privileges using an arbitrary environment provided by an unprivileged user.

This flaw can be leveraged by a local unprivileged attacker to gain root privileges.

This module exploits a vulnerability in Citrix NetScaler server. Citrix NetScaler is prone to a memory-corruption vulnerability when handling certain SOAP requests.



This update improves exploit reliability.