A denial of service vulnerability has been reported in the Edge Side Includes (ESI) component of the Squid proxy. The vulnerability is due to incorrect pointer handling when processing ESI responses. A remote attacker could exploit this vulnerability by sending crafted ESI response data to the target system.
Category Archives: Checkpoint
Malicious Embedded Flash Downloader
The landing pages of several exploit kits embed malicious Flash files. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files.
Eir D1000 Routers Remote Code Execution
A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device.
Firefox SVG Animation Remote Code Execution (CVE-2016-9079)
A use-after-free vulnerability exists in SVG Animation. An exploit based on this vulnerability is targeting Firefox and Tor Browser users on Windows. A remote attacker can exploit this vulnerability by enticing the user to access a malicious website.
XpoLog Center Remote Command Execution
A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.
SugarCRM PHP Deserialization Script Injection
A script injection vulnerability exists in SugarCRM. The vulnerability is due to a lack of input validation when handling a parameter of an HTTP request. Remote, unauthenticated attackers could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation would inject and execute PHP code on the vulnerable system.
Microsoft Windows AHCACHE.SYS Denial of Service (MS16-110: CVE-2016-3369; CVE-2016-3369)
A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an attacker to cause a denial of service condition in the target system.
Trend Micro Smart Protection Server Remote Code Execution (CVE-2016-6266)
A remote code execution vulnerability exists in the ccca_ajaxhandler.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the vulnerable system.
IPFire proxy.cgi Remote Code Execution
A remote code execution vulnerability has been reported in the proxy.cgi script of IPFire. The vulnerability is due to insufficient validation of user-supplied input when creating a new web proxy user. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary code under the security context of a non-privileged user.
SQL Servers SQL Injection Obfuscation Techniques
Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers.