This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent.

This update adds port parameter.

The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long GET request.

This module exploits a buffer overflow in Mozilla Firefox when parsing a malformed UTF-8 encoded URL.



This update appends info to the "Supported systems notes" section.

This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges.

This package specify the service to be attacked, taking the info from services.py.

A vulnerability has been identified in ISC BIND, which could be exploited by remote attackers to cause a denial of service. This issue is caused due to the "dns_db_findrdataset()" function failing when the prerequisite section of a dynamic update message contains a record of type "ANY" and where at least one RRset for this FQDN exists on the server, which could allow attackers to cause a vulnerable server to exit when receiving a specially crafted dynamic update message sent to a zone for which the server is the master.



This update adds more supported platforms to the exploit.

The vulnerability is caused due to the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number.

Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.



An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.