Project Open]po[version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting(XSS)vulnerability in the account-closed.tcl script

Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

Apple Mac OS X ATS contains a memory corruption vulnerability that may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android.

Linux kernel>=2.6.39 incorrectly handles the permissions for/proc//mem. A local,authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation.

Oracle Outside In contains an exploitable vulnerability in the Lotus 123 version 4 file parser,which can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks,which can be leveraged by an unauthenticated attacker to cause a denial-of-service(DoS)condition.

The WiFi Protected Setup(WPS)PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible.

A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash.

Microsoft Office Publisher fails to properly validate Publisher documents,which may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

Power2Go 8 contains a buffer overflow in the handling of project(.p2g)files,which can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

Adobe Reader and Acrobat fail to properly handle U3D data,which could allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system.

Some versions of JasPer contain multiple vulnerabilities that may allow a remote,unauthenticated attacker to execute arbitrary code.

HomeSeer HS2 home automation software web interface contains multiple vulnerabilities.

CA Siteminder R6 SP6 CR7,R12 SP3 CR8 and possibly previous versions,are vulnerable to a reflective cross site scripting(XSS)vulnerability.

Support Incident Tracker(or SiT!)version 3.65,and possibly earlier versions,contain multiple vulnerabilities including; malicious file uploads,SQL injection,cross-site scripting,and cross-site request forgery.

ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.

The Zenprise Device Manager software is susceptible to a cross-site request forgery(CSRF)vulnerability that may result in the compromise of the fleet of mobile devices managed by the product.