Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a “Component error: login challenge!” message. The second JSON object encountered has a result indicating a successful admin login.

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.