The specific flaw exists within the activate_doit function of the service. The issue lies in the handling of the server parameter which can result in overflowing a stack-based buffer.

This update introduces more accurate information about vulnerable targets.

Atlassian Bamboo is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the commons-collections Java library.



By exploiting known methods, it is possible to remotely load a InvokerTransformer Java class, which allows the execution of system commands.

The Password Manager component installed by various Trend Micro products runs a Node.js HTTP server by default. This web server opens multiple HTTP RPC ports for handling API requests. For example, the openUrlInDefaultBrowser API function, which internally maps to a ShellExecute function call, allows and attacker to execute arbitrary commands on localhost without the need of any type of credentials.

Improvement on Web Application Authentication Testing parameters to use a higher number of values between the authentication probes.

Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.



There are several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.



This update adds support for HTTPS and IPv6. It also allows to change the application root path.

Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.



There are several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.

The Admin framework in Apple OS X contains a hidden backdoor API to gain root privileges. A local user can exploit this flaw in the checking of XPC entitlements.

This module exploits a vulnerability in "Windows Secondary Logon Service" when it fails to properly manage request handles in memory.

The Filter function of the VBScript engine in Microsoft Internet Explorer is prone to a type confusion vulnerability when processing specially crafted parameters.

This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a specially crafted website.

Exim installations compiled with Perl support do not perform sanitation of the environment before loading a perl script defined with perl_startup setting in exim config file. This can be exploited by malicious local attackers to gain root privileges.