MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.

Antidote versions 9.5.1 and below suffer from an update related code execution vulnerability.

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.

WordPress FV Flowplayer plugin version 7.2.0.727 suffers from a cross site scripting vulnerability.

RSA Authentication Manager versions prior to 8.3 Patch 3 suffer from multiple cross site scripting vulnerabilities.

Debian Linux Security Advisory 4298-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

JD-HITB2018 Beijing CTF plus Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and 2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win cash prizes worth up to USD 2000.

Asterisk Project Security Advisory - There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash.

Red Hat Security Advisory 2018-2733-01 - The rubygem provided by rubygem-smart_proxy_dynflow is a plugin into Foreman's Smart Proxy for running Dynflow actions on the Smart Proxy. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2018-2731-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.

Red Hat Security Advisory 2018-2732-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.

Ubuntu Security Notice 3770-2 - USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Pedro Ribeiro discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

Red Hat Security Advisory 2018-2729-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

Ubuntu Security Notice 3770-1 - Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 3769-1 - It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

There is a use-after-free vulnerability in VP9 processing in WebRTC.

NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

27 bytes small Linux/x86 egghunter (0x50905090) + sigaction() shellcode.

Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.