Author: Cyberthreat Blog

Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API “WorkflowHandleApplications”.

Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for “Program Files (x86)polycompolycom btoe connectorplcmbtoesrv.exe,” which allows local users to gain privileges via a Trojan horse...

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as...