Test a web page's parameters trying to detect potential SQL Injection vulnerabilities.



The module can be configured to look for vulnerabilities in GET & POST parameters and cookies.



This update adds an additional trigger to the FAST set of SQL injection triggers for the SQL Injection analyzer to use.

The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a based buffer overflow and execute arbitrary code under the context of the user running the application.

This update adds support for Internet Explorer 6 and 8 and bypass DEP.

Also allows to send the mov file by email to open it directly with QuickTimePlayer.

The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.

A stack buffer overflow exist in FlexNet License Server Manager due to the insecure usage of memcpy in the lmgrd service when handling crafted network packets.

The spywall/blocked_file.php script of Symantec Web Gateway allows remote unauthenticated users to upload files with arbitrary extensions. This can be abused by attackers to execute arbitrary PHP code on vulnerable systems.

This module exploits a remote format string vulnerability in FireFly Media Server by sending a sequence of HTTP requests to the 3689/TCP port.

The vulnerability is caused by scripts using "unserialize()" with user controlled input. This can be exploited to execute arbitrary PHP code via the "__destruct()" method of the "SugarTheme" class or passing an ad-hoc serialized object through the $_REQUEST['current_query_by_page'] input variable.

The vulnerability is caused due to an error when processing qcd chunk structure.

This vulnerability exists within the tm1admsd.exe component Of IBM Cognos TM1. This process listens on TCP port 5498 by default. Multiple opcodes fail to validate user supplied length and data fields before copying their contents to a fixed length buffer on the stack.

Unsafe type handling performed by the AtomicReferenceArray class of the Oracle Java Runtime Environment can be abused to cause a type confusion error.

This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.