Microsoft power point allows users to insert objects of arbitrary file types. At presentation time these objects can be activated by mouse movement or clicking.
PageKit version 1.0.10 suffers from a password reset vulnerability.
Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6 suffer from an unconstrained file download vulnerability.
Python version 2.x suffers from a buffer overflow in the DecodeAdpcmImaQT function in the ctypes module.
Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
Oracle PeopleSoft HCM version 9.2 suffers from a cross site scripting vulnerability.
Oracle OpenJDK Runtime Environment build 1.8.0_112-b15 suffers from a java serialization denial of service vulnerability.
CUPS suffers from an incorrect whitelist that permits DNS rebinding attacks.
Cisco’s WebEx extension has a URL that allows for arbitrary remote command execution.
This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.