Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 22.214.171.124-ISS-ISDS-IF0074, 6.2.x before 126.96.36.199-ISS-ISDS-IF0050, and 6.3.x before 188.8.131.52-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 184.108.40.206-ISS-ISDS-IF0018 and 6.4.x before 220.127.116.11-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information not intended for the user.
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation.
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
Adobe Flash Player is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.