This Metasploit module will edit /etc/rc.local in order to persist a payload. The payload will be executed on the next reboot.

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Ubuntu Security Notice 3745-1 - It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access sensitive information.

Debian Linux Security Advisory 4279-1 - Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory.

Red Hat Security Advisory 2018-2526-01 - Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Issues addressed include code execution and traversal vulnerabilities.

Red Hat Security Advisory 2018-2523-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. Issues addressed include an information exposure vulnerability.

MC MyIT Java System Solutions SSO plugin version 4.0.13.1 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2018-2331-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security fix: memcached: UDP server support allows spoofed traffic amplification DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2018-2524-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include information exposure.

SEIG Modbus version 3.4 suffers from a denial of service vulnerability.

MyBB Moderator Log Notes plugin version 1.1 suffers from a cross site request forgery vulnerability.

Red Hat Security Advisory 2018-2332-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2018-2511-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a memory disclosure vulnerability.

WordPress Chained Quiz plugin versions 1.0.8 and below suffer from a remote SQL injection vulnerability.

SEIG Modbus version 3.4 suffers from a remote code execution vulnerability.

SEIG SCADA System version 9 suffers from a remote code execution vulnerability.

Zortam MP3 Media Studio version 23.95 suffers from a denial of service vulnerability.

Restorator 1793 suffers from a denial of service vulnerability.

Geutebruck re_porter 16 versions prior to 7.8.974.20 suffer from a cross site scripting vulnerability.

Geutebruck re_porter 16 versions prior to 7.8.974.20 suffer from a credential disclosure vulnerability.

Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Debian Linux Security Advisory 4278-1 - Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling.

WordPress Ninja Forms plugin version 3.3.13 suffers from a CSV injection vulnerability.

Slackware Security Advisory - New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.