>> TAG: #0day

Microsoft Windows Text Services Framework MSCTF – Multiple Vulnerabilities

NSKeyedUnarchiver – Info Leak in Decoding SGBigUTF8String

Adobe Acrobat CoolType (AFDKO) – Memory Corruption in the Handling of Type 1 Font load/store Operators

Adobe Acrobat CoolType (AFDKO) – Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts

Microsoft Font Subsetting – DLL Returning a Dangling Pointer via MergeFontPackage

Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in GetGlyphIdx

SugarCRM Enterprise 9.0.0 – Cross-Site Scripting

Joomla! Component JS Jobs (com_jsjobs) 1.2.5 – ‘customfields.php’ SQL Injection

Windows PowerShell – Unsanitized Filename Command Execution

WordPress Plugin Download Manager 2.5 – Cross-Site Request Forgery