The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow.
The MQ Access Control Driver (mqac.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x1965020F) to the vulnerable driver.
Yokogawa CS3000 is prone to a buffer overflow when handling specially crafted packets through UDP port 20010.
This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters.
The On-Screen Keyboard application of Microsoft Windows is prone to a privilege escalation vulnerability when handling mouse input originated from a process running with Low Integrity Level. This vulnerability allows an agent running with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This module exploits a vulnerability in "tcpip.sys" by sending a large number of TCP packets with the Time Stamp option enabled.
This update adds support to network configuration parameters.
Besides, this update includes Windows 8.1 as supported.
This update adds support to network configuration parameters.
Besides, this update includes Windows 8.1 as supported.
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014.
This update solves an issue with the Internet Explorer version detection the module executes, that may show an error message in the browser and an indication of the browser not being supported in the web server module log, even when the version of the target browser is actually supported.
This update solves an issue with the Internet Explorer version detection the module executes, that may show an error message in the browser and an indication of the browser not being supported in the web server module log, even when the version of the target browser is actually supported.
This module exploits a remote code execution vulnerability in HP AutoPass License Server. The CommunicationServlet component in HP AutoPass License Server does not enforce authentication and has a directory traversal vulnerability allowing a remote attacker to execute arbitrary code trough a JSP page uploaded to the vulnerable server.
The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers.
The vulnerability is caused due to a boundary error in the processing of PRIVMSG IRC messages. This can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious IRC server.
This update resolves SuspendOtherThread usage.
This update resolves SuspendOtherThread usage.