This module exploits a stack based buffer overflow in Netsupport Agent via a long control hostname to TCP port 5405.

This module exploits a vulnerability on "i386_set_ldt" function of "mach_kernel" creating a "call gate" entry in the LDT.

In error.php, PhpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page, and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.

This module exploits a Remote Code Execution vulnerability in Mantis

version 1.1.3 when handling the sort parameter in manage_proj_page without

the proper validation that leads to a remote code execution on Mantis' Web

server.

This update adds support for the OSX platform.

This module exploits a Remote Code Execution vulnerability in Mantis

version 1.1.3 when handling the sort parameter in manage_proj_page without

the proper validation that leads to a remote code execution on Mantis' Web

server.

This update adds support for the AIX platform.

The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges.

This update fixes the previously assigned CVE.

A sign mismatch error exist in ATSServer when handling the last offset value of the CharStrings INDEX structure.

This update adds support for Solaris platforms.

This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root.



This update adds OSX 10.6 (Snow Leopard) as supported target.