Monthly Archives: January 2015
Gogo Inflight Internet Is Intentionally Issuing Fake SSL Certificates
AdaptCMS 3.0.3 Remote Command Execution
AdaptCMS version 3.0.3 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused by the improper verification of uploaded files. This can be exploited to execute arbitrary PHP code by creating or uploading a malicious PHP script file that will be stored in the 'app/webroot/uploads' directory.
AdaptCMS 3.0.3 HTTP Referer Header Open Redirect
AdaptCMS version 3.0.3 suffers from an open redirection vulnerability due to giving implied trust to the HTTP Referer header.
AdaptCMS 3.0.3 Cross Site Scripting
AdaptCMS version 3.0.3 suffers from multiple persistent cross site scripting vulnerabilities.
Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting
Open-Xchange Server 6 / OX AppSuite versions 7.6.1 and below suffer from a cross site scripting vulnerability.
Mantis BugTracker 1.2.17 XSS / DoS / Redirect
Mantis BugTracker version 1.2.17 suffers from denial of service, potential cross site scripting, and arbitrary redirection vulnerabilities.
ManageEngine Shell Upload / Directory Traversal
ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities.
HikaShop 2.3.3 Local File Inclusion
This Metasploit module exploits a local file inclusion vulnerability in HikaShop version 2.3.3.
Red Hat Security Advisory 2015-0009-01
Red Hat Security Advisory 2015-0009-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.