This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the REST Plugin with the ! operator when Dynamic Method Invocation is enabled.
Monthly Archives: June 2016
Tor Developer Jake Appelbaum Resigns Amid Sex Abuse Claims
Chrome's PDF Reader Has Arbitrary Code Execution Flaw
Zendesk Chief's Twitter Account Hacked
University Pays $20,000 To Ransomware Hackers
HP Security Bulletin HPSBGN03622 1
HP Security Bulletin HPSBGN03622 1 – A potential security vulnerability has been identified in the Apache Commons Collections (ACC) component in HPE Universal CMDB, HPE Universal Discovery, and HPE Universal CMDB Configuration Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
HP Security Bulletin HPSBGN03623 1
HP Security Bulletin HPSBGN03623 1 – A potential security vulnerability has been identified in HPE Universal CMDB. The vulnerability could be exploited remotely to allow remote disclosure of sensitive information. Revision 1 of this advisory.
Debian Security Advisory 3598-1
Debian Linux Security Advisory 3598-1 – Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.
Ubuntu Security Notice USN-2995-1
Ubuntu Security Notice 2995-1 – Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly handled certain crafted data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
HP Security Bulletin HPSBGN03621 1
HP Security Bulletin HPSBGN03621 1 – Several potential security vulnerabilities have been identified in the OpenSSL library for HPE Universal CMDB. These vulnerabilities could be exploited remotely to allow disclosure of sensitive information. Revision 1 of this advisory.