A Heap Overflow vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.

This version improves the detection of the effectiveness in non-vulnerable targets.

This update adds support for new platforms to the MS17-010 exploitation such as Windows 7 Embedded Standard edition, and also 32 bits targets.

Path traversal vulnerability in WinRAR when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

The user can write 0 where he wants. This can be used to write SecurityDescriptor and write system processes. Therefore we can elevate privileges.

A Heap Overflow vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.

This update improves the module to bypass UAC by adding support for Windows 10.

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.

Dokan redistributable are vulnerable to a buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability.

This update adds an exploit which implements the Rotten Potato technique to perform a Local Privilege Escalation.



It leverages on local DCOM DCE/RPC connections that can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.

Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.

This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent.