CVE-2022-47190 : GENEREX UPS CS141 PRIOR 2.06 FIRMWARE INPUT VALIDATION
Description Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell
Deploying Prophaze WAF On-Premises On GCP
Prophaze WAF is a security tool that can secure your web applications from various attacks. It can be deployed on
CVE-2023-28843 : PAYPAL UP TO 3.16.3 ON PRESTASHOP SQL INJECTION
Description PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL
Deploying Prophaze WAF On-Premises On Azure
Secure Your on-premises Azure Environment with Prophaze WAF On-premises Azure Environment deploys Azure services and resources on servers within an
CVE-2023-28727 : PANASONIC AISEG2 UP TO 2.93A HEADER X-FORWARDED-FOR IMPROPER AUTHENTICATION
Description Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. References https://www2.panasonic.biz/jp/densetsu/aiseg/firmup_info.html
CVE-2022-36980 : IVANTI AVALANCHE 6.3.2.3490 ENTERPRISESERVER SERVICE TOCTOU
Description This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required
Deploying Prophaze WAF On-Premises On AWS
Protect Your on-premises AWS Workloads with Prophaze WAF Deploying Prophaze WAF on your on-premises AWS workloads allows you to have
CVE-2022-23122 : NETATALK PRIOR 3.1.13 SETFILPARAMS STACK-BASED OVERFLOW
Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to
What Is On-Premises? How Prophaze Supports On-Premises?
Overview On-premises means that a business installs and controls its own software, hardware, or infrastructure within its physical space. Prophaze
CVE-2023-28102 : DISCORDRB ENCODER.RB FILE OS COMMAND INJECTION
Description discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely
CVE-2022-4126 : ABB RCCMD PRIOR 4.40 230207 HARD-CODED PASSWORD
Description Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and
What Is Broken Authentication? How It Works, And What Steps You Can Take To Prevent It?
Broken authentication is a common security vulnerability that occurs when an attacker is able to compromise the authentication process used
CVE-2023-25655 : BASERCMS UP TO 4.7.4 UNRESTRICTED UPLOAD
Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system
CVE-2023-1050 : AS KOC ENERGY WEB REPORT SYSTEM PRIOR 23.03.10 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in As Koc Energy Web Report
CVE-2023-27855 : ROCKWELL AUTOMATION THINMANAGER THINSERVER THINSERVER.EXE PATH TRAVERSAL
Description In affected versions, a path traversal exists when processing a message in Rockwell Automation’s ThinManager ThinServer. An unauthenticated remote
CVE-2023-27982 : SCHNEIDER ELECTRIC IGSS DATA SERVER/IGSS DASHBOARD/CUSTOM REPORTS UP TO 16.0.0.23040 DASHBOARD FILE DATA AUTHENTICITY
Description A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard
CVE-2023-1501 : ROCKOA 2.3.2 ACLOUDCOSACTION.PHP.SQL RUNACTION FILEID UNRESTRICTED UPLOAD
Description A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the
CVE-2023-28116 : CONTIKI-NG UP TO 4.8/4.9 BLE L2CAP MODULE PACKETBUF_SIZE BUFFER OVERFLOW
Description Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an
CVE-2023-1256 : AVEVA PLANT SCADA/TELEMETRY SERVER IMPROPER AUTHORIZATION
Description The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which
CVE-2023-1389 : TP-LINK ARCHER AX21 PRIOR 1.1.4 BUILD 20230219 WEB MANAGEMENT INTERFACE LOCALE POPEN COUNTRY OS COMMAND INJECTION
Description TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form
CVE-2023-23415 : MICROSOFT WINDOWS UP TO SERVER 2022 ICMP REMOTE CODE EXECUTION
Description Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 For More Information MITRE
CVE-2023-23857 : SAP NETWEAVER AS FOR JAVA 7.50 OPEN INTERFACE IMPROPER AUTHENTICATION
Description Due to missing authentication check, SAP NetWeaver AS for Java – version 7.50, allows an unauthenticated attacker to attach
CVE-2022-33256 : QUALCOMM WSA8835 MULTI-MODE CALL PROCESSOR MEMORY CORRUPTION
Description Memory corruption due to improper validation of array index in Multi-mode call processor. References https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin For More Information MITRE
What Is SQL Injection Attack?
What is SQL Injection? SQL injection is a type of cyber attack that targets web applications that use Structured Query