Author: Cyberthreat Blog

Cross-site scripting (XSS) vulnerability in the “Check available times” function in Cybozu Garoon before 4.2.2.

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.

coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

An exploitable OS Command Injection vulnerability exists in the web application ‘ping’ functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS...

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.