WPScan is a vulnerability scanning product. Remote attackers can use WPScan to detect vulnerabilities on a target WordPress server.

A new variant of the Dyre (Dyreza) banking Trojan has been found. A remote attacker can inject this Trojan using forged SSL certificates.

An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denial of service condition.

A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a maliciously modified signed RPM package.

SuperFish Adware is a software that uses SSL man-in-the-middle (MitM) technique in order to intercept SSL sessions and inject its own content into the session. The certificate used by SuperFish has been decrypted, and therefore, attackers might exploit it to disclose confidential or private information passed over SuperFish SSL channel, or tamper with such information and change it.

A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys). The vulnerability is caused when Windows kernel-mode driver improperly handles TrueType fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted TTF file.

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles uninitialized memory when parsing specially crafted TIFF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted TIFF file.

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer.

A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization (ASLR) by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.

A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters.