The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges.

WARNING: This is an early release module. This is not the final version of this module.

It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code.

This update adds support for Solaris platforms.

An input sanitization flaw was found in the way JBoss Seam processes certain parameterized JBoss Expression Language (EL) expressions. A remote unauthenticated attacker could use this flaw to execute arbitrary code via GET requests, containing specially-crafted expression language parameters, provided to web applications based on the JBoss Seam framework.



This module exploits the vulnerability in any web application based on vulnerable versions of the Seam 2 framework.

The ParametersInterceptor class of XWork framework, part of the Struts 2 web framework, as shipped with Atlassian FishEye, does not properly restrict access to server-side objects. This can be exploited by remote unauthenticated attackers to modify server-side objects and e.g. execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions.

An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product.

Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions.



A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access.



Successful exploits will result in the complete compromise of affected computers.

PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges.

This module exploits a Chuggnutt HTML to Text Converter preg_replace using eval switch in multiple web applications in order to install an agent.



Currently, this module supports AtMail Open and RoundCube Webmail.

This module exploits a vulnerability in the udp_sendmsg function in the UDP implementation in net/ipv4/udp.c and net/ipv6/udp.c in the Linux kernel before 2.6.19 allowing local users to gain privileges via vectors involving the MSG_MORE flag and a UDP socket.

The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause an arbitrary write without user interaction.



This module updates the MSN library, because of minor changes in the handling of the HTTP encapsulation of the MSN protocol within the Microsoft MSN server.