A directory traversal vulnerabilities exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation in the DashboardFileReceiveServlet servlet of dashboard-fileupload. war when processing HTTP multipart form requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to the target system. Successful exploitation could result in arbitrary code execution with privileges of the SYSTEM.

A FTP protocol stream injection vulnerability has been reported in Java’s Applets. The vulnerability is due to improper URL handling code. A remote attacker may exploit this issue using a specially crafted Java applet which can enable an attacker to run FTP commands on the effected system.

A remote attacker can attempt to obtain login credentials to the built-in RSS feed functionality of the Magento platform using brute force. Successful exploitation would allow an attacker to obtain unauthorized access to the Magento Admin login.

A file upload vulnerability exists in Piwik. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

A command injection vulnerability exists in the axfr_get.php script of VegaDNS. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could allow the attacker to execute arbitrary commands.

A Microsoft Office Mail attachment containing a malicious downloader was observed as part of a ransomware campaign. A remote attacker could send spam e-mails including a downloader and manipulate users to manually enable them. This would allow the malicious code to run and infect the target system.

A type confusion vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted HTML file with an affected version of Microsoft Internet Explorer or Microsoft Edge.

A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web-page. Successful exploitation of this vulnerability would allow an attacker to bypass the same origin policy and disclose sensitive information.

A buffer overflow vulnerability exists in Total Video Player. The vulnerability is due to improper parsing of parameters in the Settings.ini. A remote attacker could exploit this vulnerability by enticing a user to open a malformed Settings.ini file.

A stack-based buffer overflow exists in Audiotran 1.4.1. A remote attacker could trigger this vulnerability by enticing a victim to open a crafted file. Successful exploitation would allow remote attackers to execute arbitrary code via a long string in a playlist (.pls) file.