This Metasploit module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation, a man-in-the-middle attacker could execute arbitrary code by spoofing the update server data-cdn.mbamupdates.com and uploading an executable. This Metasploit module has been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.
Monthly Archives: February 2015
EMC Documentum D2 Information Disclosure / Privilege Escalation
EMC Documentum D2 suffers from sensitive information disclosure and privilege escalation vulnerabilities.
Fork CMS 3.8.5 SQL Injection
Fork CMS version 3.8.5 suffers from a remote SQL injection vulnerability.
Adobe Begins Patching Third Flash Player Zero Day
Adobe has begun distributing an emergency update for Flash Player that patched the third of three zero-day vulnerabilities under attack.
Debian Security Advisory 3153-1
Debian Linux Security Advisory 3153-1 – Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos.
Cisco Security Advisory 20150204-wbx
Cisco Security Advisory – A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system. The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface.
Red Hat Security Advisory 2015-0126-01
Red Hat Security Advisory 2015-0126-01 – The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
Red Hat Security Advisory 2015-0125-01
Red Hat Security Advisory 2015-0125-01 – Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.6.0, and includes bug fixes and enhancements.
Ubuntu Security Notice USN-2494-1
Ubuntu Security Notice 2494-1 – Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.
Ubuntu Security Notice USN-2469-2
Ubuntu Security Notice 2469-2 – USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. Various other issues were also addressed.