ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.

The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.

WordPress Content Slide plugin version 1.4.2 suffers from cross site request forgery and stored cross site scripting vulnerabilities.

Many 112 ipTIME routers / modems / firewalls suffer from a remote root code execution vulnerability.

The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.

WordPress Citizen Space plugin version 1.1 suffers from a cross site scripting vulnerability.

Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.

Wolf CMS version 0.8.2 suffers from a remote shell upload vulnerability.