A remote code execution vulnerability has been reported in the proxy.cgi script of IPFire. The vulnerability is due to insufficient validation of user-supplied input when creating a new web proxy user. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary code under the security context of a non-privileged user.

A remote code execution vulnerability exists in the ccca_ajaxhandler.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the vulnerable system.

A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an attacker to cause a denial of service condition in the target system.

A script injection vulnerability exists in SugarCRM. The vulnerability is due to lack of input validation when handling a parameter of a HTTP request. Remote, unauthenticated attackers could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation would inject and execute PHP code on the vulnerable system.

A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.

A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code execution in the security context of the user process.

An SQL injection vulnerability exists in Alienvault Unified Security Management and OSSIM. The vulnerability is due to a lack of input validation on a component of the dashboard widgets. A remote, authenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation could result in information disclosure from the database.