A cross-site scripting vulnerability has been reported in Internet Explorer 9. The vulnerability is due to insufficient input validation while processing a malformed request. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web page and run arbitrary code in the security context of the target.
Category Archives: Checkpoint
Microsoft Windows TrueType Font Parsing Remote Code Execution (MS15-010; CVE-2015-0059)
A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys). The vulnerability is caused when the Windows kernel-mode driver improperly handles TrueType fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted TTF file.
Microsoft Windows TIFF Processing Information Disclosure (MS15-016; CVE-2015-0061)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles uninitialized memory when parsing specially crafted TIFF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted TIFF file.
Internet Explorer ASLR Bypass Vulnerability (MS15-009; CVE-2015-0069)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer.
Microsoft Office Shared Component ASLR Bypass (MS15-013; CVE-2014-6362)
A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization (ASLR) by the MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
WordPress MailPoet Newsletters Unauthenticated File Upload
An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to a lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the server.
Adobe Flash Player Memory Leakage (APSB14-18; CVE-2014-0540)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Adobe Flash Player Use After Free Code Execution (APSB14-18; CVE-2014-0538)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file.
Jenkins Groovy Script Console Remote Code Execution
A code execution vulnerability has been reported in the Jenkins Groovy Script Console. The vulnerability is due to insecure script execution on the Jenkins console. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system.
HP Intelligent Management Center BIMS UploadServlet Information Disclosure (CVE-2014-2618)
An information disclosure vulnerability exists in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to a lack of authentication and insufficient input validation in the UploadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.