A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.

A directory traversal vulnerability exists in web servers. The vulnerability allows unauthorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the context of SYSTEM.

A out-of-bounds array indexing vulnerability exists in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. Successful exploitation could result in arbitrary code execution.

A denial-of-service vulnerability exists in PowerDNS Authoritative Server. The vulnerability is due to an error in processing queries with the dot character inside. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted DNS packet to the target application that could lead to excessive resources being consumed, resulting in a denial of service condition.

Many campaigns are known to use mail attachments containing double zipped files. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system.

A remote code execution vulnerability exists in the modeline component of Vim due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a file containing a malicious modeline in Vim. Successful exploitation can result in arbitrary command execution in the context of the current user.

This protection detects ssl client requests including TLS_FALLBACK_SCSV cipher suite.

A denial of service vulnerability has been reported in the Windows port of Network Time Foundation’s NTP Daemon. The vulnerability is due to insufficient error handling when receiving large UDP packets. A remote, unauthenticated attacker can exploit this vulnerability by sending a large UDP packet to the target server.

A directory traversal vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the “hotelwakeup” module. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the page that could lead to arbitrary command execution on the server under the security context of the asterisk user.