Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.

Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.

RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.

The “Smart related articles” extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).

The “Smart related articles” extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).

The “Smart related articles” extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).