A directory traversal vulnerability exists in CA Unified Infrastructure Management. The vulnerability is due to insufficient input validation while processing HTTP requests sent to the download_lar.jsp. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. Successful exploitation results in arbitrary file download from the target server.

Several Exploit Kits landing pages embed malicious Flash files. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files.

A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device.

A Use-After-Free vulnerability exists in SVG Animation. An exploit based on this vulnerability is targeting Firefox and Tor Browser users on Windows. A remote attacker can exploit this vulnerability by enticing the user to access a malicious website.

Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers.

A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSL_peek() API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection. Successful exploitation will cause the server application to use up 100% of its CPU resources, resulting in a denial-of-service condition.

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object.

An SQL injection vulnerability exists in Alienvault Unified Security Management and OSSIM. The vulnerability is due to a lack of input validation on a component of the dashboard widgets. A remote, authenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation could result in information disclosure from the database.

A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code execution in the security context of the user process.

A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.