Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 4.0.3.

Red Hat Security Advisory 2015-1908-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

Red Hat Security Advisory 2015-1913-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

Gentoo Linux Security Advisory 201510-1 – A vulnerability in BIND could lead to a Denial of Service condition. Versions less than 9.10.2_p4 are affected.

CarolinaCon is now accepting speaker/paper/demo submissions for its 12th annual conference. This event will be held March 4th through the 6th, 2016 in Raleigh, NC, USA.

Kaboozu CMS suffers from a remote shell upload vulnerability.