This module exploits a remote stack-based buffer overflow in Wavelink Avalanche Manager by sending a malformed packet to the 1777/TCP port.

An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges.

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal.

This module tries to determine remotely, if the target host is either vulnerable to CVE-2023-39143 or not.

An SQL Injection Vulnerability in Progress MOVEit Transfer allows unauthenticated remote attackers to execute system commands.

The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

The method exportXFAData has inadvertently exposed a dangerous loophole that can allow a remote attacker to execute arbitrary code on the victim's system. The exploitation process requires the victim's interaction, meaning a potential attacker would need to convince the target to visit a malicious web page or open a corrupted file. The victim's susceptibility to social engineering thus significantly increases the risk factor of this vulnerability.

The cause of the vulnerability is due to the lack of a strict bounds check for some fields in the Base Block for the base log file (BLF) in CLFS.sys. This issue can lead to a Privilege Escalation.

A denial of service vulnerability exists in DHCPv6 service when an unauthenticated attacker connects to the target system and sends specially crafted requests.

An SQL Injection Vulnerability in Progress MOVEit Transfer allows unauthenticated remote attackers to execute system commands.

HP Hardware Diagnostics EtdSupp driver is potentially vulnerable to buffer overflow and/or elevation of privilege.