ZyXEL Prestig P-660HNU-T1v2 suffers from a remote credential disclosure vulnerability.

Due to a processing issue with environment variables it is possible to leverage bash for command execution through various methodologies.

Bash specially-crafted environment variable code injection proof of concept exploit that inserts the malicious payload into a User-Agent header and looks for a 500 response on a web server.

CMS AutoWeb version 3.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

Gentoo Linux Security Advisory 201409-9 – A parsing flaw related to functions and environments in Bash could allow attackers to inject code. Versions less than 4.2_p48 are affected.

Ubuntu Security Notice 2360-1 – Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

Ubuntu Security Notice 2360-2 – USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.

Ubuntu Security Notice 2361-1 – Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.