Asterisk Project Security Advisory – Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an “artificial” endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer causes a crash when Asterisk attempts to determine whether ACLs should be applied. This issue was introduced in the Asterisk 13.10 release and only affects that release.
Monthly Archives: September 2016
WordPress 4.5.3 Cross Site Scripting
WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.
PHPHolidays CMS 3.00.50 Cross Site Scripting
PHPHolidays CMS version 3.00.50 suffers from a cross site scripting vulnerability.
Tinycrypt.asm Training Ransomware Virus
Tinycrypt.asm is a training ransomware virus that is fully configurable to your needs and is designed to be very controllable. It was designed to be used with the PoShFoTo incident response toolkit.
Samsung SystemUI fimg2d Null Pointer Dereference
Samsung SystemUI fimg2d driver suffers from a null pointer dereference vulnerability.
WordPress Cubed Theme 1.2 CSRF / File Upload
WordPress Cubed theme version 1.2 suffers from cross site request forgery and remote file upload vulnerabilities.
Ubuntu Security Notice USN-3074-1
Ubuntu Security Notice 3074-1 – It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially crafted archive, an attacker could delete files outside of the extraction directory.
Airmail 3.0.2 Cross Site Scripting
Airmail versions 3.0.2 and below suffer from a cross site scripting vulnerability.
Picosmos Shows 1.6.0 Stack Overflow
Picosmos Shows version 1.6.0 suffers from a stack overflow vulnerability.
WhatsApp DLL Hijacking
WhatsApp suffers from a DLL hijacking vulnerability.