This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.



This update fixes some issues related with an updated library.

Support for various platforms was added.

This module exploits a vulnerability present in PineApp Mail-SeCure. The specific flaw exists within the component ldapsynchnow.php, which lacks proper sanitization, thus allowing command injection.

This module exploits a vulnerability in "win32k.sys" by calling to the "TrackPopupMenuEx" function.

Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.



This update changes the default connection method for the module.

This module exploits a buffer overflow vulnerability present in Nginx by bypassing the stack cookie protection and by reordering the TCP packets to make it reliable.

This module exploits a file disclosure vulnerability on Foscam IP cameras. Due to improper access restrictions, it is possible for a remote unauthenticated attacker to read arbitrary files from the /tmpfs/ and /log/ directories. This can be exploited to obtain valuable information such as access credentials, Wi-Fi configuration and other sensitive information in plain text.

This module exploits a vulnerability in Oracle Java. The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution.

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native IntegerInterleavedRaster.verify() function inside jre/bin/awt.dll

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native storeImageArray() function inside jre/bin/awt.dll.

This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent.



This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target.