Proxifier versions 2.18 and below ship with a KLoader binary, which Proxifier installs suid root the first time it is run. This binary serves a single purpose: loading and unloading Proxifier’s kernel extension. Unfortunately, it does this by taking the first parameter passed to it on the command line and feeding it straight into system() without any sanitisation.
Category Archives: Security
Microsoft Patches Three Vulnerabilities Under Attack
Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.
CVE-2017-7689
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
CVE-2017-7691
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.
MyBB Directory Traversal
MyBB versions prior to 1.8.11 suffer from a directory traversal vulnerability.
MyBB Cross Site Scripting
MyBB versions prior to 1.8.11 suffer from a cross site scripting vulnerability.
s9y Serendipity Cross Site Request Forgery
s9y Serendipity versions prior to 2.0.5 suffer from a cross site request forgery vulnerability.
Red Hat Security Advisory 2017-0893-01
Red Hat Security Advisory 2017-0893-01 – 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.