A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system.

This module abuses the auto deploy feature in the server in order to achieve remote code execution.

A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system.

This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106.

This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent.

This update adds other vulnerable dlls to the exploitation and other platforms and architectures.

This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Word to deploy an agent.

This version adds wow64 support.

Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections.



This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent.

This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent.

The specific flaw exists within BeginPreRead() processing. When handling malformed 0x7f77 type fields.

The Group Policy implementation in Microsoft Windows does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share.

A vulnerability in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to trigger buffer overflow.



This allows unprivileged local users to cause an invalid dereference in kernel mode, which produces a BSoD.