Author: Cyberthreat Blog

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized “UPDATE dm_dbo.dm_user_s SET user_privileges=16” command, aka an “RPC...

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.

WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of...