Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a “Component error: login challenge!” message. The second JSON object encountered has a result indicating a successful admin login.

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.