An SQL injection vulnerability has been reported in WordPress Slimstat Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. An attacker can exploit this vulnerability by convincing a victim with a domain-configured system to connect to an attacker-controlled network.

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation would allow an attacker to execute arbitrary code on the target.

WPScan is a vulnerability scanning product. Remote attackers can use WPScan to detect vulnerabilities on a target WordPress server.

A new variant of the Dyre (Dyreza) banking Trojan has been found. A remote attacker can inject this Trojan using forged SSL certificates.

An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denial of service condition.

A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a maliciously modified signed RPM package.

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a heap buffer overflow when processing user supplied parameter input to SetHtmlFileName in the Atx45.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page.

An SQL injection vulnerability has been reported in WordPress Survey and Poll Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.