The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.



This update adds the 'one-shot' tag to the XML of the module.

The vulnerability is caused due to the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number.

Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.

A buffer overflow vulnerability was found in the SYS_CONTEXT procedure in

Oracle Database Server allows a valid database user to execute arbitrary

code.



The vulnerability can be exploited by any valid database user with CONNECT privileges. The buffer overflow can then be exploited by calling the SYS_CONTEXT() function.



This module has two uses: One as a Remote Exploit, which needs authentication, and another as an SQL Injection OS Agent installer module, which needs an Oracle SQL Agent as a target.

Multiple vulnerabilities have been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflow errors when processing malformed "TRACE" or "OPTIONS" requests, or overly long "Authorization: Digest" headers, which could be exploited by attackers to crash an affected server or execute arbitrary code. This exploit forces the server process to throw an unhandled exception and be restarted.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Exploits an off-by-one bug in channel management code in OpenSSH.

This update excludes the module from automated attacks launched by the "Network Attack and Penetration" feature, since the module requires credentials of a known account on the vulnerable system, and hence won't work with default parameters.

This update fixes a documentation issue regarding supported platforms.

This module abuses the scripting functionality in Autodesk Maya to trigger remote code execution via a specially crafted file.

This module abuses the scripting functionality in Autodesk Softimage to trigger remote code execution via a project with an embedded script.