A denial of service vulnerability has been found in the way the multiple

overlapping ranges are handled by the Apache HTTPD server.

This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

RRSIG Queries can trigger a server crash in ISC BIND servers when Response Policy Zones is in use.

This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a local vulnerability in the set_fs function in the Linux kernel prior to 2.6.37.

With this update, RPT will prioritize newer exploits when attacking a target.

CakePHP is vulnerable to a file inclusion attack because of its use of the

"unserialize()" function on unchecked user input. This makes it possible

to inject arbitary objects into the scope.

The Administration Console of Oracle GlassFish Server is prone to an authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this in order to execute arbitrary code on the vulnerable server.

This module exploits a vulnerability in Java Bridge component of Zend Server.

The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and for each entry verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overwriting the target method.



Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE.



This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability.

This module exploits a local race-condition vulnerability in PolicyKit, which allows local users to execute arbitrary code with root privileges.

By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges.