Monthly Archives: September 2015
Watchguard XCS FixCorruptMail Local Privilege Escalation
This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script, which is invoked from root's crontab; the flaw can be exploited to run a command as root within three minutes.
X2Engine 4.2 Cross Site Request Forgery
X2Engine version 4.2 suffers from cross site request forgery vulnerabilities.
X2Engine 4.2 Arbitrary File Upload
X2Engine version 4.2 suffers from a remote arbitrary file upload vulnerability.
X2Engine 4.2 Cross Site Scripting
X2Engine version 4.2 suffers from multiple cross site scripting vulnerabilities.
Ubuntu Security Notice USN-2746-2
Ubuntu Security Notice 2746-2 - USN-2746-1 fixed a vulnerability in Simple Streams. That update caused a regression that prevented MAAS from downloading PXE images; this update fixes the problem. The original issue was that Simple Streams did not properly perform GPG verification in some situations, so a remote attacker could perform a man-in-the-middle attack and inject malicious content into the stream. Various other issues were also addressed.
Gentoo Linux Security Advisory 201509-07
Gentoo Linux Security Advisory 201509-07 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.521 are affected.
Debian Security Advisory 3368-1
Debian Linux Security Advisory 3368-1 - It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.
Notes On Linux/Xor.DDoS
CVE-2015-4539
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.