An Out-of-Bounds-Read vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that could grant an attacker remote code execution.

Several Exploit Kits landing pages embed malicious Flash files. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files.

A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device.

A Use-After-Free vulnerability exists in SVG Animation. An exploit based on this vulnerability is targeting Firefox and Tor Browser users on Windows. A remote attacker can exploit this vulnerability by enticing the user to access a malicious website.

An SQL injection vulnerability exists in Alienvault Unified Security Management and OSSIM. The vulnerability is due to a lack of input validation on a component of the dashboard widgets. A remote, authenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation could result in information disclosure from the database.

A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code execution in the security context of the user process.

A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.

A script injection vulnerability exists in SugarCRM. The vulnerability is due to lack of input validation when handling a parameter of a HTTP request. Remote, unauthenticated attackers could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation would inject and execute PHP code on the vulnerable system.

A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an attacker to cause a denial of service condition in the target system.

A remote code execution vulnerability exists in the ccca_ajaxhandler.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the vulnerable system.