This Metasploit module exploits a command execution vulnerability in ActualAnalyzer version 2.81 and prior. The 'aa.php' file allows unauthenticated users to execute arbitrary commands via the 'ant' cookie.
Monthly Archives: December 2014
Red Hat Security Advisory 2014-1995-01
Red Hat Security Advisory 2014-1995-01 – Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll-up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
Intrexx Professional 6.0 / 5.2 Remote Code Execution
Intrexx Professional suffers from a remote code execution vulnerability via unrestricted file upload.
WordPress O2Tweet 0.0.4 CSRF / XSS
WordPress O2Tweet plugin version 0.0.4 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
Gentoo Linux Security Advisory 201412-17
Gentoo Linux Security Advisory 201412-17 – Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.
Gentoo Linux Security Advisory 201412-13
Gentoo Linux Security Advisory 201412-13 – Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Versions less than 39.0.2171.65 are affected.
Mandriva Linux Security Advisory 2014-253
Mandriva Linux Security Advisory 2014-253 – It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.
Gentoo Linux Security Advisory 201412-14
Gentoo Linux Security Advisory 201412-14 – Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 3.2.5c are affected.
Gentoo Linux Security Advisory 201412-15
Gentoo Linux Security Advisory 201412-15 – Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. Versions less than 2.5.3 are affected.
Gentoo Linux Security Advisory 201412-16
Gentoo Linux Security Advisory 201412-16 – A vulnerability in CouchDB could result in Denial of Service. Versions less than 1.5.1 are affected.