This module exploits an exceptional condition in "lsasrv.dll" by sending a crafted "Session Setup Request" SMBv1 or SMBv2 packet that is affected during the NTML Auth message.
This module exploits a vulnerability in Microsoft Office Word. The flaw is related in how Microsoft Word handles OleLink objects. It is possible to open a RTF file and execute arbitrary code in vulnerables installations of Microsoft Office Word. This vulnerability was originally seen being exploited in the wild starting in October 2016.
Sync Breeze Enterprise is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands under the context of system.
The vulnerability exists within the WdMacCtl ActiveX control This module runs a web server waiting for vulnerable clients (Internet Explorer 8) to connect to it.
Use After Free in Microsoft Office allows remote attackers to execute arbitrary code via crafted EPS file in an Office document, leading to improper memory allocation.
This module exploits a vulnerability on target via a SMB crafted packet.
DiskBoss server is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. This can be exploited by malicious local attackers to gain SYSTEM privileges on Windows targets.
A buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header in a PROPFIND request.