JBoss Application Server is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer java class, wich allows the execution of system commands.

The specific flaw exists in ELCSimulator.exe when handling specially crafted TCP packets.

Cisco Prime Infrastructure is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the xmpDataOperationRequestServlet servlet. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.

Atlassian Bamboo is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library. By exploiting known methods, it is possible to remotely load a InvokerTransformer Java class, wich allows the execution of system commands.

This module exploits a vulnerability in win32k.sys by creating special Windows menus with crafted parameters.

This module exploits a design flaw in Microsoft Windows. By spoofing NBNS responses, an unprivileged user can abuse a local HTTP->SMB credentials reflection vulnerability to install an agent. If that approach fails, on supported platforms the exploit falls back to a local WEBDAV->SMB credential reflection (MS16-075).

This module exploits a vulnerability in Microsoft Windows MRXDAV.SYS driver. This vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges in a vulnerable target.

This module exploits a vulnerability in the Linux kernel related to the netfilter target_offset field. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges.

The ioctl handler in the atkbd keyboard driver in FreeBSD is prone to a signedness error, which can lead to a buffer overflow in the kernel when processing a SETFKEY ioctl message with specially crafted values. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. In order to reach the vulnerable code in the keyboard driver, the exploit needs a virtual terminal (/dev/ttyv*) allocated for the user under which the initial agent is running. Virtual terminals are allocated when a user logs into the physical machine, as opposed to the pseudo-terminals (/dev/pts/*) which are allocated when accessing a system via a SSH shell, for example. This module can be configured to keep waiting for an accessible virtual terminal, by setting the Advanced/TIME LIMIT parameter to the desired maximum amount of minutes to wait for.

Wireshark is prone to a vulnerability that may allow execution of riched20.dll.dll if this module is located in the same folder than .PCAP file.