An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. Successful exploitation would lead to write access violation.

Several Exploit Kits landing pages embed malicious Flash files. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files.

A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device.

A Use-After-Free vulnerability exists in SVG Animation. An exploit based on this vulnerability is targeting Firefox and Tor Browser users on Windows. A remote attacker can exploit this vulnerability by enticing the user to access a malicious website.

A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code execution in the security context of the user process.

A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.

A script injection vulnerability exists in SugarCRM. The vulnerability is due to lack of input validation when handling a parameter of a HTTP request. Remote, unauthenticated attackers could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation would inject and execute PHP code on the vulnerable system.

A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an attacker to cause a denial of service condition in the target system.

A remote code execution vulnerability exists in the ccca_ajaxhandler.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the vulnerable system.

A remote code execution vulnerability has been reported in the proxy.cgi script of IPFire. The vulnerability is due to insufficient validation of user-supplied input when creating a new web proxy user. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary code under the security context of a non-privileged user.