A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker’s share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.

The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the ‘admin’ user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.

Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. Some models include a non-standard echo command which doesn’t honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.

The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root in the NVRmini and the ‘admin’ user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2, Crystal and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.

SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2016-1589-01 – IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

Ubuntu Security Notice 3060-1 – It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. It was discovered that the GD library incorrectly handled memory when using gdImageScale. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 3059-1 – It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Cisco Security Advisory – A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.

Red Hat Security Advisory 2016-1592-01 – Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.