The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production.

When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.

This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.

VLC Media Player is prone to a buffer overflow when handling a specially crafted RTSP packets within the LIVE555 Plugin (liblive555_plugin.dll).

AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request.

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014.



This update adds support for Internet Explorer 8 and some specific patch versions of Internet Explorer 10

IcoFX is prone to a security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file.

This module exploits a heap based buffer overflow vulnerability in Adobe Reader X when handling a specially crafted PDF file.

This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server.



This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake.

This module exploits a remote code execution vulnerability in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication.

A logical error in sudo when the env_reset option is disabled allows local attackers to define environment variables that were supposed to be blacklisted by sudo.

This can be exploited by a local unprivileged attacker to gain root privileges by manipulating the environment of a command that the user is legitimately allowed to run with sudo.

The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow.