This module exploits a buffer overflow vulnerability in FeedDemon. When the application is used to import a specially crafted OPML file, a buffer overflow occurs, allowing arbitrary code execution.
Category Archives: Checkpoint
FreeBSD bspatch Utility Remote Code Execution (CVE-2014-9862)
A remote code execution vulnerability has been reported in the bspatch utility in FreeBSD. The vulnerability is due to improper validation of the number of bytes to read from diff and extra stream values. A remote attacker can exploit this vulnerability by enticing the target user to download and apply a crafted patch file.
HPE Data Protector EXEC_BAR domain Buffer Overflow (CVE-2016-2006)
A buffer overflow vulnerability has been found in the OmniInet.exe component of HPE Data Protector. This vulnerability is due to a lack of boundary checks on the domain field in EXEC_BAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to an HPE Data Protector service, potentially leading to arbitrary code execution under the context of System.
Command Injection Over HTTP
A command injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.
Drupal RESTWS Module Page Callback Remote Code Execution
A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the web server process.
Network Time Protocol Daemon crypto-NAK Denial of Service (CVE-2016-4957)
A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service.
Cisco Prime Infrastructure and EPNM Deserialization Code Execution (CVE-2016-1291)
A vulnerability has been found in the web interface of Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM). The vulnerability is due to insufficient sanitization of user-supplied input to the web interface. A remote, unauthenticated attacker could exploit this vulnerability by sending an HTTP POST request with maliciously crafted serialized user data.
Phishing URL Attack Attempt
A phishing URL attack attempts to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. The attacker uses embedded redirection links in order to gain the victim’s account information.
Moxa SoftCMS CGI Program SQL Injection (CVE-2016-5792)
A SQL injection vulnerability has been reported in Moxa SoftCMS. The vulnerability is due to insufficient validation of user-supplied input. A remote attacker can exploit this vulnerability by providing crafted input to the product. Successful exploitation would allow the attacker to perform SQL injection and possibly code execution.
WordPress Admin API Directory Traversal (CVE-2016-6896)
A directory traversal vulnerability has been reported in WordPress. This vulnerability is due to incorrect validation of a user-supplied path for directory traversal characters. An authenticated user with subscriber privileges could exploit this vulnerability by sending specially crafted requests to the Admin API. Successful exploitation results in a denial of service condition.