The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Monthly Archives: June 2016
SAP NetWeaver AS JAVA 7.4 jstart Denial Of Service
The Java Startup Framework (jstart) in SAP Application Server for Java allows remote attackers to cause a denial of service via a crafted request. SAP NetWeaver AS JAVA versions 7.2 through 7.4 are affected.
SAP NetWeaver AS JAVA 7.4 icman Denial Of Service
The Internet Communication Manager (ICMAN/ICM) in SAP JAVA AS version 7.4 allows remote attackers to cause a denial of service (possible heap corruption in IctParseCookies()) via a crafted HTTP request.
DarkComet Server 3.2 Remote File Download
This Metasploit module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication.
SSHC 5.0 Encrypted Database Content Stealing
SSHC version 5.0 is susceptible to an encrypted database content theft vulnerability.
YetiForce CRM Cross Site Scripting
YetiForce CRM versions prior to 3.1 suffer from a persistent cross site scripting vulnerability.
Radiant CMS 1.1.3 Cross Site Scripting
Radiant CMS version 1.1.3 suffers from multiple persistent cross site scripting vulnerabilities.
Yona CMS 1.3.x Cross Site Request Forgery
Yona CMS version 1.3.x suffers from a cross site request forgery vulnerability.
Ionize CMS 1.0.8 Cross Site Request Forgery
Ionize CMS versions 1.0.8 and below suffer from a cross site request forgery vulnerability.
Joomla Publisher 3.0.11 SQL Injection
Joomla Publisher component version 3.0.11 suffers from a remote SQL injection vulnerability.