A remote code execution vulnerability has been reported in the proxy.cgi script of IPFire. The vulnerability is due to insufficient validation of user-supplied input when creating a new web proxy user. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary code under the security context of a non-privileged user.

Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers.

A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSL_peek() API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection. Successful exploitation will cause the server application to use up 100% of its CPU resources, resulting in a denial-of-service condition.

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object.

SVG file may contain a malicious JavaScript downloader. A successful implementation might result in the browser running arbitrary code on the infected system.

A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference in the _IO_str_init_static_internal() function. A remote attacker can exploit this vulnerability by sending a crafted packet to the target service. Successful exploitation may result in denial-of-service conditions.

ShadowGate is an initial redirection point for exploit kits. Exploit Kits operate by delivering a malicious payload to the victim’s computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded.

SEDKIT exploit kit is a web exploit kit that operates by delivering malicious payload to the victim’s computer. Successful infection will allow the attacker to download additional malware to the target.

An XML external entity (XXE) processing vulnerability has been reported in the Office Open XML (OOXML) parsing component of Adobe ColdFusion. The vulnerability is due to a lack of validation on user-supplied input when parsing OOXML documents. A remote attacker could exploit this vulnerability by uploading a maliciously crafted OOXML document to the target server. Successful exploitation could allow the attacker to read arbitrary files from the target server.

A vulnerability exists in a web kit used by major web servers. A malicious code may be embedded in an image file. Specially crafted HTTP request is later used to manipulate a web client into executing the embedded code.