Cisco Data Center Network Manager Vulnerabilities
Summary : Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker
Overview : Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote
Overview : D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Affected
Overview : In the 3.1.12 Pro version of the Craft CMS web application, an XSS vulnerability has been discovered in
Overview : In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project
Overview : All HTML forms present in the Belkin F5D8236-4 v2 are susceptible to Cross-Site Request Forgery. Affected Product(s) :
Overview : The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote
Overview : A vulnerability in the SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. Affected Product(s)
Overview : multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls.
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM Financial Transaction Manager
Overview : NeuVector 3.1, when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an
Overview : In CloudVision Portal, all releases in the 2018.1 and 2018.2 Code train allow users with read-only permissions to
Overview : Multiple issues were discovered in Backdrop CMS Affected Product(s) : Backdrop Core 1.14.x versions prior to 1.14.2 Backdrop
Overview : There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data
Overview : Unprivileged authenticated flaw in Ivanti Workspace Control before 10.3.180.0: a locally authenticated user with low privileges can bypass
Overview : CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration Affected Product(s) : CloudForms
Overview : An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running “select hostdetails
Overview : A cross-site scripting security vulnerability has been identified in the Case Builder component of IBM Case Manager Affected
Overview : TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. Affected Product(s) :
Overview : OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs
Overview : A SQL injection was found in Octeth Oempro 4.7. The parameter “CampaignID” in “Campaign.Get” is vulnerable to SQL injection attacks.
Overview : A logical error in bounds checking performed on vsock virtio descriptors can be used by a malicious guest
Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL
Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross-site