This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

VMware Security Advisory 2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability.

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).

OpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.

Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability.

Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.

21 bytes small Linux x86_64 execve(/bin/sh) shellcode.

macOS and iOS suffer from a javascript injection bug in OfficeImporter.

Huawei eNSP version 1 suffers from a buffer overflow vulnerability that results in a denial of service condition.

Zeta Producer Desktop CMS versions 14.2.0 and below suffers from code execution and file disclosure vulnerabilities.

This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

HP Security Bulletin MFSBGN03811 1 - An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC) allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Revision 1 of this advisory.

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.

Ubuntu Security Notice 3714-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

Red Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.

Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.

Ubuntu Security Notice 3716-1 - This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover.