Openlitespeed Web Server version 1.7.8 suffers from an authenticated command injection vulnerability.

Backdoor.Win32.DarkKomet.apbb malware suffers from an insecure permissions vulnerability.

Backdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.

Constructor.Win32.SpyNet.a malware suffers from a remote password leak vulnerability.

Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.

STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.

STVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.

STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.

Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2…