CVE-2023-37498 : HCL UNICA PLATFORM GROUP REMOTE CODE EXECUTION
Description A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator.
Broken user authentication is a security vulnerability that occurs when an application’s authentication mechanisms are not implemented correctly. This vulnerability
Description A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability
Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting
Description ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain
Description Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which
Description A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical.
Description OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. References https://github.com/jgraph/drawio/commit/9d6532de36496e77d872d91b1947bb696607d623 https://huntr.dev/bounties/ce75aa04-e4d6-4e0a-9db0-ae84c46ae9e2 For More Information CVERecord
Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura
Description On Ubuntu kernels carrying both c914c0e27eb0 and “UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs”, an unprivileged user
What is called Credential in cyber security and its uses? In cybersecurity, credentials refer to the information used to authenticate
Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative
Description vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom
Description It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking
Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in HGiga iSherlock 4.5 (iSherlock-user
Broken Object Level Authorization is a security vulnerability that allows an attacker to access and manipulate data or functionality that
Account creation is an essential process in web application security, but it is also a target for automated attacks. One
A brute-force attack is a method of guessing a password or other authentication credential by trying multiple combinations until the
Protocol validation is a critical aspect of cybersecurity that involves verifying whether network protocols adhere to industry standards and specifications.
Input validation is the process of verifying the integrity of data that is received by an application or system. This
Audit logging is a critical component of cybersecurity that helps organizations monitor and record events that occur within their systems
Vulnerability scanning is the process of systematically scanning and identifying potential security vulnerabilities in a system or network. This involves
Token cracking is a type of OWASP-identified automated threat that involves an attacker attempting to guess or crack access tokens
Spamming is a prevalent OWASP-identified automated threat that is used by attackers to flood web applications with unwanted and unsolicited