Author: Cyberthreat Blog

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via “MultiReport” function.

I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.

Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.