An attacker may attempt to gain access to email accounts by repeatedly trying to log in using various passwords, eventually finding the correct one, a technique known as “Brute Force”. Successful exploitation may result in an unauthorized access to an email account.

A stack overflow vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.

A remote attacker can hide a malicious code within an image file, in an attempt to avoid detection. Successful exploitation could result in the execution of arbitrary code in the security context of the web server.

A cross-site request forgery (CSRF) vulnerability has been reported in WordPress Redirection Page Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website.

A buffer overflow vulnerability exists in SAP SQL Anywhere .NET Data Provider. The vulnerability is caused by insufficient boundary checks in the handling of column aliases. If an application allows untrusted input to be used as the column alias in an SQL query, by sending crafted requests to the application, an attacker can overflow a stack-based buffer. A successful attack will result in arbitrary code execution in the context of the application.

An unauthorized file upload vulnerability has been reported in WordPress Photo Gallery Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Sweet Orange exploit kit is a web exploit kit that operates by delivering malicious payload to the victim’s computer. Remote attackers can infect users with Sweet Orange exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution on the victim’s computer.

WPScan is a vulnerability scanning product. Remote attackers can use WPScan to detect vulnerabilities on a target WordPress server.

A new variant of the Dyre (Dyreza) banking Trojan has been found. A remote attacker can inject this Trojan using forged SSL certificates.

An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denial of service condition.