Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.



This update changes the default connection method for the module.

This module exploits a vulnerability in Oracle Java. The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution.

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native IntegerInterleavedRaster.verify() function inside jre/bin/awt.dll

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native storeImageArray() function inside jre/bin/awt.dll.

This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent.



This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target.

This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML.



This update fixes a typo in the name of the module.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server. This update adds CVE Number.

This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process.

Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.



This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target.

An error in the way that the Windows kernel handles string atoms when registering a new window class allows unprivileged users to re-register atoms of privileged applications.

This vulnerability can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges.