Under certain conditions, the module may run into an "The handle is invalid" while obtaining registry keys and values from the victim machine. The fix is to retry a couple of times, and hope we don't hit the race condition again.
However, I see no way to actually seeing the webvulns in framework after importing the report.
In posix, a command like "echo 'foo bar'" would previously get parsed out into arguments for execve like [ "echo", "'foo", "bar'" ] which obviously isn't what you want. After this commit, it sticks the whole thing in an arg to sh so the execve call ends up looking like execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0 This is still a little less than ideal because shell escapes become a problem; fortunately, that's easy to deal with on the client side as long as module developers take it into account.