This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise versions 9.1.14 and 9.3.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

SunOS version 5.11 remote ICMP weakness kernel denial of service exploit.

ntopng Web Interface version 2.4.160627 suffers from a cross site request forgery token bypass vulnerability.

Gentoo Linux Security Advisory 201701-48 – Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.1.0-r2 are affected.

Red Hat Security Advisory 2017-0180-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.