A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in the SSL_peek() API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection. Successful exploitation will cause the server application to use up 100% of its CPU resources, resulting in a denial-of-service condition.
Category Archives: Checkpoint
Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization (CVE-2013-2186)
An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deserialization of untrusted data when the vulnerable version of the Apache-Commons-FileUpload library is in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object.
Alienvault Unified Security Management and OSSIM gauge.php SQL Injection (CVE-2016-8582)
An SQL injection vulnerability exists in Alienvault Unified Security Management and OSSIM. The vulnerability is due to a lack of input validation on a component of the dashboard widgets. A remote, authenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation could result in information disclosure from the database.
GD Library LibGD Integer Overflow (CVE-2016-5766)
A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code execution in the security context of the user process.
SVG Javascript Nemucod Downloader
An SVG file may contain a malicious JavaScript downloader. A successful implementation might result in the browser running arbitrary code on the infected system.
NTP Daemon _IO_str_init_static_internal Denial of Service (CVE-2016-7434)
A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference in the _IO_str_init_static_internal() function. A remote attacker can exploit this vulnerability by sending a crafted packet to the target service. Successful exploitation may result in denial-of-service conditions.
ShadowGate Redirector
ShadowGate is an initial redirection point for exploit kits. Exploit kits operate by delivering a malicious payload to the victim’s computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded.
SEDKIT Exploit Kit Landing Page
The SEDKIT exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim’s computer. Successful infection will allow the attacker to download additional malware to the target.
Adobe ColdFusion OOXML XXE Information Disclosure (CVE-2016-4264)
An XML external entity (XXE) processing vulnerability has been reported in the Office Open XML (OOXML) parsing component of Adobe ColdFusion. The vulnerability is due to a lack of validation on user-supplied input when parsing OOXML documents. A remote attacker could exploit this vulnerability by uploading a maliciously crafted OOXML document to the target server. Successful exploitation could allow the attacker to read arbitrary files from the target server.
Social Media Infected Image File (ImageGate)
A vulnerability exists in a web kit used by major web servers. Malicious code may be embedded in an image file. A specially crafted HTTP request is later used to manipulate a web client into executing the embedded code.