An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to improper handling of JPEG2000 images, and could be used to gain sensitive information that may help in further attacks. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or PDF document.

FreePBX is an open source software implementation of a telephone Private Branch eXchange (PBX). A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands.

This module exploits a PHP object injection vulnerability. Tuelap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server.

An integer overflow vulnerability exists in memcached. This vulnerability is due to a lack of bounds checking in the process_bin_append_prepend function while processing commands that append or prepend data to existing key-value pairs. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached.

A privilege escalation vulnerability exists in Microsoft SQL Server. The vulnerability is due to the improper handling of a SQL query containing a UNC path. A remote, authenticated attacker can exploit the vulnerability by sending a crafted SQL request to the server. Successful exploitation could allow an attacker to gain the password hashes of the account used to run the server service.

An integer underflow vulnerability exists in the Memcached binary protocol. This vulnerability is due to a lack of bounds checking in the process_bin_sasl_auth function. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached that can lead to a buffer overflow and possible code execution in the context of the user.

A remote command execution vulnerability exists in Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system that could lead to arbitrary command execution under the security context of system.

An XML external entity (XXE) processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the target system.

A cross-site scripting vulnerability exists in the WooCommerce WordPress plugin. This vulnerability is triggered when the WooCommerce tax rates setting incorrectly processes user-supplied data. A remote attacker may exploit this vulnerability by uploading a malicious .csv file into the application. The file then injects malicious code triggering the attack, thereby allowing the attacker to gain full control of the web server.

MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. Successfully exploiting this issue allows attackers to write to and change certain aspects of the Network Management System (NMS). This may aid in further attacks. Versions up to and including RouterOS 3.13 and 2.9.51 are vulnerable.