This Metasploit module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user’s settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142.

The Samsung SW Update tool version 2.2.5.16 suffers from a man-in-the-middle vulnerability.

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

This summary lists one bulletin that is added to the March, 2016 Microsoft security bulletin.

A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.

PuTTY / PSCP versions 0.66 and below suffer from a buffer overflow vulnerability. Proof of concept code included.

Ubuntu Security Notice 2926-1 – Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.