Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

CVE-2022-27627

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...

CVE-2022-27627

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584CyVDB-2670 Operation restriction bypass vulnerability in Bulletin CWE-285 - CVE-2022-28718 CyVDB-1865CyVDB-2692 Operation restriction bypass vulnerability in Workflow CWE-285 - CVE-2022-27661...

U.S. General Services Administration: User information disclosed via API

Summary: It appears that the requests for "system accounts" are fully available via an API endpoint that does not require authentication. The main issue is that among the information disclosed are user emails many with gmail addresses but the individual applications also include information that...