Protect your online banking from hackers

When was the last time you visited the bank teller?

Nowadays, most people don’t visit their bank very often. It’s so convenient to check your balance and pay bills online. But using the internet for online banking and shopping is risky. When you visit your bank’s website, you enter the keys to your financial kingdom in the form of a username and password. This information is valuable to hackers, so we created a safer way for you to do business on the web – SafeZone Browser with Bank Mode.

Autobahn|Python Origin Header Manipulation

Autobahn|Python incorrectly checks the Origin header when the ‘allowedOrigins’ value is set. This can allow third parties to execute legitimate WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser’s context. This is addressed in version 0.15.0.

Barracuda Web App Firewall / Load Balancer Remote Root

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it’s possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.

Barracuda Spam And Virus Firewall 5.1.3.007 Remote Root

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it’s possible to inject system commands while escalating to root due to relaxed sudo configuration on the local machine.

Rapid7 AppSpider 6.12 Privilege Escalation

Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services ‘AppSpider REST Server’, ‘AppSpider REST Service’ and ‘AppSpiderUpgradeService’ for Windows deployed as part of the AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.

Cisco Security Advisory 20160721-asn1c

Cisco Security Advisory – A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting to an affected function a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability.