Fedora EPEL 5 Security Update: t1utils-1.39-1.el5

Resolved Bugs
1218365 – t1utils: buffer overflow flaw
1218367 – t1utils: buffer overflow flaw [epel-all]
t1utils Version 1.39 (2015-02-26)
=================================
* t1disasm: Security fixes for buffer overrun reported by Jakub Wilk and Niels Thykier.
t1utils Version 1.38 (2013-09-29)
=================================
* t1disasm: Fix an infinite loop on some fonts reported by Niels Thykier.

WordPress eShop 6.3.11 Code Execution

High-Tech Bridge Security Research Lab discovered a security vulnerability in the eShop WordPress plugin that can be exploited by remote attackers to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists because user-supplied input in the "eshopcart" HTTP cookie is insufficiently validated. Successful exploitation may result in arbitrary PHP code execution.

F5 BIG-IP ASM 11.4.1 Filter Bypass

F5 ASM is a web application firewall designed to protect web applications from attacks. Because of the way the system processes JSON content, a crafted request to a URL that accepts both JSON and regular URL-encoded bodies can bypass ASM inspection: the same parameters that would be blocked in a URL-encoded body pass through when they are carried as JSON. Versions 11.4.0 and 11.4.1 are confirmed vulnerable.
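The following is an added example that models the class of bypass described above; it is not F5 code and does not reproduce ASM's actual JSON handling. It assumes a hypothetical endpoint that accepts either a URL-encoded or a JSON body, a toy filter (`weak_waf`) that only inspects URL-encoded parameters, and a corrected filter (`hardened_waf`) that normalises every encoding the backend accepts before matching. The attack string and signature are constructed for illustration.

```python
"""Toy model of a JSON-vs-URL-encoded WAF bypass (constructed example, not F5 ASM code)."""
import json
from urllib.parse import parse_qs

# Constructed signature: a minimal SQL-injection pattern the filter is meant to catch.
SIGNATURE = "' or 1=1"

# Constructed request bodies carrying the same parameter in two encodings.
FORM_TYPE = "application/x-www-form-urlencoded"
JSON_TYPE = "application/json"
FORM_BODY = b"user=admin%27+or+1%3D1--"                     # decodes to: admin' or 1=1--
JSON_BODY = json.dumps({"user": "admin' or 1=1--"}).encode()


def app_params(content_type: str, body: bytes) -> dict:
    """Hypothetical backend endpoint (assumption) that accepts both encodings."""
    if content_type.startswith(JSON_TYPE):
        return json.loads(body.decode())
    return {k: v[0] for k, v in parse_qs(body.decode()).items()}


def weak_waf(content_type: str, body: bytes) -> bool:
    """Filter modelling the weakness: only URL-encoded bodies are inspected.

    Returns True when the request is allowed through. A JSON body is never
    parsed, so the same malicious value reaches the backend un-inspected.
    """
    if content_type.startswith(FORM_TYPE):
        params = {k: v[0] for k, v in parse_qs(body.decode()).items()}
        return not any(SIGNATURE in v.lower() for v in params.values())
    return True


def hardened_waf(content_type: str, body: bytes) -> bool:
    """Corrected filter: parse the body exactly as the backend would, then match.

    Whatever parameter view the application will act on is the view that gets
    inspected; bodies the parser rejects are failed closed.
    """
    try:
        params = app_params(content_type, body)
    except (ValueError, UnicodeDecodeError):
        return False
    return not any(SIGNATURE in str(v).lower() for v in params.values())


def send(waf, content_type: str, body: bytes):
    """Run a request through a filter; return the params the app saw, or None if blocked."""
    if not waf(content_type, body):
        return None
    return app_params(content_type, body)


if __name__ == "__main__":
    for name, waf in (("weak", weak_waf), ("hardened", hardened_waf)):
        print(name, "form:", send(waf, FORM_TYPE, FORM_BODY))
        print(name, "json:", send(waf, JSON_TYPE, JSON_BODY))
```

The weak filter blocks the URL-encoded request but lets the identical JSON payload through to the backend; the hardened filter blocks both because it inspects the same parameter view the application will act on. The general lesson is that a WAF's coverage is bounded by the set of encodings it parses, and that set must match the set the protected application accepts.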

Red Hat Security Advisory 2015-0938-01

Red Hat Security Advisory 2015-0938-01 – OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion.