ECCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Monthly Archives: March 2015
Mandriva Linux Security Advisory 2015-049
Mandriva Linux Security Advisory 2015-049 – A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
Ubuntu Security Notice USN-2516-2
Ubuntu Security Notice 2516-2 – USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.
ATutor LCMS 2.2 Cross Site Request Forgery
ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.
BEdita CMS 3.5.0 Cross Site Request Forgery / Cross Site Scripting
BEdita CMS version 3.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
Linux CVE-2014-9322 Proof Of Concept
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a PoC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
Linux CVE-2014-4943 Proof Of Concept
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a PoC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
Linux CVE-2014-3631 Proof Of Concept
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple “keyctl newring” operations followed by a “keyctl timeout” operation.
Fortimail 5.2.1 Cross Site Scripting
Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.
NetCat CMS 3.12 Remote File Inclusion
NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from multiple remote file inclusion vulnerabilities.