This module exploits a remote code execution vulnerability in Tomcat Web Server by using an default user account to upload an arbitrary file.
This module exploits a vulnerability in the Client System Analyzer component of the Oracle Database Server.
This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allowing remote attackers to execute arbitrary code via a MKV media file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.
This module exploits a buffer overflow vulnerability in Lotus Notes 8.5.2 when parsing a malformed, specially crafted AS (Applix Spreadsheet) file.
The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques.
This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port.
This version add CVE.
This version add CVE.
Buffer overflow in Microsoft Office Excel allows remote attackers to execute arbitrary code via a crafted .XLS file with a malformed HFPicture (0x866) record.
QuickTime has a backdoor in QTPlugin.ocx implemented during development cycle, this can be used by execute arbitrary code under the context of the browser.
This version add CVE.
This version add CVE.