All Posts by: Prophy Insights

Description Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit

Description Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the

Description A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to

Description The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL

Description Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell

Description PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL

Description Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. References https://www2.panasonic.biz/jp/densetsu/aiseg/firmup_info.html

Description This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required

Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to

Description discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely

Description Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and

Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in As Koc Energy Web Report

Description In affected versions, a path traversal exists when processing a message in Rockwell Automation’s ThinManager ThinServer. An unauthenticated remote

Description A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard

Description A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the

Description Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an

Description The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which

Description TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form

Description Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 For More Information MITRE

Description Due to missing authentication check, SAP NetWeaver AS for Java – version 7.50, allows an unauthenticated attacker to attach

Description Memory corruption due to improper validation of array index in Multi-mode call processor. References https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin For More Information MITRE

Description Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. References https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23 https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1 For More Information MITRE