CVE-2023-23451 : SICK FX0-GMOD00010 TELNET OBSOLETE FUNCTION
Description The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04
What Is XML External Entity Injection? How To Prevent XXE Attacks?
Have you ever wondered how important XML is? And how insecure it can be if XML is parsed in an
CVE-2023-28004 : SCHNEIDER ELECTRIC POWERLOGIC HDPM6000 ETHERNET REQUEST ARRAY INDEX
Description A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in
What Is Account Aggregation And How It Can Be Prevented?
Automated threats identified by the OWASP organization are malicious activities performed by automated tools. Account aggregation is one such automated
CVE-2023-30547 : VM2 UP TO 3.9.16 HANDLEEXCEPTION INJECTION
Description vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. There exists a vulnerability in
CVE-2023-1803 : REDLINE ROUTER PRIOR 7.17 AUTHENTICATION BYPASS BY ALTERNATE NAME
Description Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router:
CVE-2022-33211 : QUALCOMM WCD9330 MODEM MEMORY CORRUPTION
Description memory corruption in modem due to improper check while calculating size of serialized CoAP message. References https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin For More
CVE-2023-27216 : D-LINK DSL-3782 1.03 NETWORK SETTING PRIVILEGE ESCALATION
Description An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the
What Is Components With Known Vulnerabilities? How To Mitigate The Risks Associated With The Usage Of Such Components?
Using vulnerable and outdated components is the sixth category in OWASP Top 10 web application security risks and one of
CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION
Description Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent – version 720, allows
What Is Cross-site Scripting?
All about Cross-site Scripting Cross-site scripting (XSS) is a type of web vulnerability that allows attackers to inject malicious scripts
CVE-2023-27876 : IBM TRIRIGA 4.0 XML EXTERNAL ENTITY REFERENCE
Description IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote
CVE-2023-28051 : DELL POWER MANAGER UP TO 3.10 ACCESS CONTROL
Description Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit
CVE-2023-0750 : YELLOBRIK PEC-1864 CLIENT-SIDE ENFORCEMENT OF SERVER-SIDE SECURITY
Description Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the
CVE-2023-20102 : CISCO SECURE NETWORK ANALYTICS HTTP REQUEST DESERIALIZATION
Description A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to
What Is Meant By Broken Access Control?
What is meant by Broken Access Control? Broken access control is the first category in OWASP Top 10 web application
CVE-2023-1752 : NEXX NXG-100B/NXG-200/NXPG-100W/NXAL-100 MAC ADDRESS IMPROPER AUTHENTICATION
Description The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or
CVE-2023-1765 : AKBIM COMPUTER PANON UP TO 1.0.1 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL
CVE-2022-47190 : GENEREX UPS CS141 PRIOR 2.06 FIRMWARE INPUT VALIDATION
Description Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell
Deploying Prophaze WAF On-Premises On GCP
Prophaze WAF is a security tool that can secure your web applications from various attacks. It can be deployed on
CVE-2023-28843 : PAYPAL UP TO 3.16.3 ON PRESTASHOP SQL INJECTION
Description PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL
Deploying Prophaze WAF On-Premises On Azure
Secure Your on-premises Azure Environment with Prophaze WAF On-premises Azure Environment deploys Azure services and resources on servers within an
CVE-2023-28727 : PANASONIC AISEG2 UP TO 2.93A HEADER X-FORWARDED-FOR IMPROPER AUTHENTICATION
Description Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. References https://www2.panasonic.biz/jp/densetsu/aiseg/firmup_info.html
CVE-2022-36980 : IVANTI AVALANCHE 6.3.2.3490 ENTERPRISESERVER SERVICE TOCTOU
Description This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required