Deploying Prophaze WAF On-Premises On AWS
Protect Your on-premises AWS Workloads with Prophaze WAF Deploying Prophaze WAF on your on-premises AWS workloads allows you to have
CVE-2022-23122 : NETATALK PRIOR 3.1.13 SETFILPARAMS STACK-BASED OVERFLOW
Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to
What Is On-Premises? How Prophaze Supports On-Premises?
Overview On-premises means that a business installs and controls its own software, hardware, or infrastructure within its physical space. Prophaze
CVE-2023-28102 : DISCORDRB ENCODER.RB FILE OS COMMAND INJECTION
Description discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely
CVE-2022-4126 : ABB RCCMD PRIOR 4.40 230207 HARD-CODED PASSWORD
Description Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and
What Is Broken Authentication? How It Works, And What Steps You Can Take To Prevent It?
Broken authentication is a common security vulnerability that occurs when an attacker is able to compromise the authentication process used
CVE-2023-25655 : BASERCMS UP TO 4.7.4 UNRESTRICTED UPLOAD
Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system
CVE-2023-1050 : AS KOC ENERGY WEB REPORT SYSTEM PRIOR 23.03.10 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in As Koc Energy Web Report
CVE-2023-27855 : ROCKWELL AUTOMATION THINMANAGER THINSERVER THINSERVER.EXE PATH TRAVERSAL
Description In affected versions, a path traversal exists when processing a message in Rockwell Automation’s ThinManager ThinServer. An unauthenticated remote
CVE-2023-27982 : SCHNEIDER ELECTRIC IGSS DATA SERVER/IGSS DASHBOARD/CUSTOM REPORTS UP TO 16.0.0.23040 DASHBOARD FILE DATA AUTHENTICITY
Description A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard
CVE-2023-1501 : ROCKOA 2.3.2 ACLOUDCOSACTION.PHP.SQL RUNACTION FILEID UNRESTRICTED UPLOAD
Description A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the
CVE-2023-28116 : CONTIKI-NG UP TO 4.8/4.9 BLE L2CAP MODULE PACKETBUF_SIZE BUFFER OVERFLOW
Description Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an
CVE-2023-1256 : AVEVA PLANT SCADA/TELEMETRY SERVER IMPROPER AUTHORIZATION
Description The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which
CVE-2023-1389 : TP-LINK ARCHER AX21 PRIOR 1.1.4 BUILD 20230219 WEB MANAGEMENT INTERFACE LOCALE POPEN COUNTRY OS COMMAND INJECTION
Description TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form
CVE-2023-23415 : MICROSOFT WINDOWS UP TO SERVER 2022 ICMP REMOTE CODE EXECUTION
Description Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 For More Information MITRE
CVE-2023-23857 : SAP NETWEAVER AS FOR JAVA 7.50 OPEN INTERFACE IMPROPER AUTHENTICATION
Description Due to missing authentication check, SAP NetWeaver AS for Java – version 7.50, allows an unauthenticated attacker to attach
CVE-2022-33256 : QUALCOMM WSA8835 MULTI-MODE CALL PROCESSOR MEMORY CORRUPTION
Description Memory corruption due to improper validation of array index in Multi-mode call processor. References https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin For More Information MITRE
What Is SQL Injection Attack?
What is SQL Injection? SQL injection is a type of cyber attack that targets web applications that use Structured Query
CVE-2023-1307 : FROXLOR UP TO 2.0.12 AUTHENTICATION BYPASS
Description Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. References https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23 https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1 For More Information MITRE
What Is Sensitive Data Exposure Vulnerability & How To Prevent It?
All About Sensitive Data Exposure Sensitive data exposure is a critical issue that affects individuals and organizations around the world.
CVE-2023-26489 : WASMTIME 4.0.0/5.0.0/6.0.0 ON 64-BIT OUT-OF-BOUNDS WRITE
Description wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime’s code generator, Cranelift, has a bug
CVE-2023-27479 : XWIKI PLATFORM PRIOR 13.10.11/14.4.7/14.10-RC-1 UIX PARAMETER INJECTION
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected
CVE-2023-0979 : MEDDATA MEDDATAPACS PRIOR 2023-03-03 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MedData Informatics MedDataPACS.This issue affects
CVE-2023-27290 : IBM OBSERVABILITY WITH INSTANA MISSING AUTHENTICATION
Description Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do