A cross-site request forgery (CSRF) vulnerability has been reported in WordPress Redirection Page Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website.

An unauthorized file upload vulnerability has been reported in WordPress Holding Pattern Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

An SQL injection vulnerability has been reported in WordPress Slimstat Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.

Sweet Orange exploit kit is a web exploit kit that operates by delivering malicious payload to the victim’s computer. Remote attackers can infect users with Sweet Orange exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution on the victim’s computer.

WPScan is a vulnerability scanning product. Remote attackers can use WPScan to detect vulnerabilities on a target WordPress server.

A new variant of the Dyre (Dyreza) banking Trojan has been found. A remote attacker can inject this Trojan using forged SSL certificates.

An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denial of service condition.

A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a maliciously modified signed RPM package.

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a heap buffer overflow when processing user supplied parameter input to SetHtmlFileName in the Atx45.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page.