A directory traversal vulnerabilities exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation in the DashboardFileReceiveServlet servlet of dashboard-fileupload. war when processing HTTP multipart form requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to the target system. Successful exploitation could result in arbitrary code execution with privileges of the SYSTEM.

A FTP protocol stream injection vulnerability has been reported in Java’s Applets. The vulnerability is due to improper URL handling code. A remote attacker may exploit this issue using a specially crafted Java applet which can enable an attacker to run FTP commands on the effected system.

A remote attacker can attempt to obtain login credentials to the built-in RSS feed functionality of the Magento platform using brute force. Successful exploitation would allow an attacker to obtain unauthorized access to the Magento Admin login.

A file upload vulnerability exists in Piwik. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

A command injection vulnerability exists in the axfr_get.php script of VegaDNS. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could allow the attacker to execute arbitrary commands.

A Microsoft Office Mail attachment containing a malicious downloader was observed as part of a ransomware campaign. A remote attacker could send spam e-mails including a downloader and manipulate users to manually enable them. This would allow the malicious code to run and infect the target system.

A type confusion vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted HTML file with an affected version of Microsoft Internet Explorer or Microsoft Edge.

A buffer overflow exists in Altap Salamander. A remote attacker could trigger this vulnerability by creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander. Successful exploitation would allows remote attackers to execute arbitrary code via the PDB file.

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager. The vulnerability is due to improper parsing of parameters in the NetConfig.ini file. A remote attacker could exploit this vulnerability by enticing a user to use a crafted NetConfig.ini file.

An information disclosure vulnerability has been reported in F5 Big-IP TLS products. An attacker can leverage this vulnerability to disclose memory contents of a connected server.