An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys)

A Memory corruption vulnerability exists in the Windows Client DHCP service when an attacker sends specially crafted DHCP responses to a client.

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Heap buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

XMPlay 3.8.3 allows remote attackers to execute arbitrary code via a crafted http:// URL in a .m3u file.

D-Link Central WiFiManager FTP Server is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.

CMS Made Simple is vulnerable to an authenticated php command injection, allowing attackers to execute arbitrary php code in the system.

Advantech WebAccess Node is vulnerable to an unauthenticated remote file inclusion, allowing attackers to execute arbitrary code in the system.

WordPress is prone to an abuse in the Lost Password recovery action. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via an injection crafted in HTTP_HOST request property. The attack will not leave any trace. This exploit installs an OS Agent.

phpMyAdmin is vulnerable to an authenticated php local file inclusion, allowing attackers to execute arbitrary php code in the system.