The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process.

This module exploits a vulnerability in Internet Explorer 10/11 by downgrading the encryption from TLS 1.x to SSLv3.

After that, part of the encrypted text plain will be decrypted.

This module exploits a remote code execution vulnerability in HP Data Protector by sending a specially crafted request

This module exploits a heap-based buffer overflow in Adobe Flash Player. The bug is triggered by calling BitmapData.copyPixelsToByteArray() with a reference to a ByteArray that has its position property set very large, close to 2^32. This results in an integer overflow in 32-bit arithmetic and allows an attacker to take control of the target machine.

This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704).

This module exploits a Integer Overflow vulnerability in the HTTP Server by sending a malformed packet to the 80/TCP port to crash the application.

The vulnerability exists within the isObjectModel ActiveX control's RemoveParameter property in Schneider Electric DTM libraries.

The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver.

Untrusted search path vulnerability in CorelDRAW X7 17.1.0.572, Corel Photo-Paint X7 17.1.0.572, Corel PaintShop Pro X7 17.0.0.199, Corel Painter 2015 14.0.0.728, Corel PDF Fusion 1.12 Build 16/04/2013 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as an .cdr, .cpt, .pspimage, .rif or .pdf file.

This vulnerabilities allows remote attackers writing to the host filesystem on vulnerable installations of software utilizing Oracle Forms and Reporting.