An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denial of service condition.

A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a maliciously modified signed RPM package.

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a heap buffer overflow when processing user supplied parameter input to SetHtmlFileName in the Atx45.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page.

An SQL injection vulnerability has been reported in WordPress Survey and Poll Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

SuperFish Adware is a software that uses SSL man-in-the-middle (MitM) technique in order to intercept SSL sessions and inject its own content into the session. The certificate used by SuperFish has been decrypted, and therefore, attackers might exploit it to disclose confidential or private information passed over SuperFish SSL channel, or tamper with such information and change it.

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer.

A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization (ASLR) by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.

A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters.

A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted document with an affected version of Microsoft Word.

A stack buffer overflow vulnerability exists in Samsung SmartViewer. The vulnerability is due to improper validation of a parameter provided to the BackupToAvi method of the CNC_Ctrl ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing the target user to visit a malicious web page.