CVE-2023-0750 : YELLOBRIK PEC-1864 CLIENT-SIDE ENFORCEMENT OF SERVER-SIDE SECURITY
Description Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the
CVE-2023-20102 : CISCO SECURE NETWORK ANALYTICS HTTP REQUEST DESERIALIZATION
Description A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to
What Is Meant By Broken Access Control?
What is meant by Broken Access Control? Broken access control is the first category in OWASP Top 10 web application
CVE-2023-1752 : NEXX NXG-100B/NXG-200/NXPG-100W/NXAL-100 MAC ADDRESS IMPROPER AUTHENTICATION
Description The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or
CVE-2023-1765 : AKBIM COMPUTER PANON UP TO 1.0.1 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL
CVE-2022-47190 : GENEREX UPS CS141 PRIOR 2.06 FIRMWARE INPUT VALIDATION
Description Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell
Deploying Prophaze WAF On-Premises On GCP
Prophaze WAF is a security tool that can secure your web applications from various attacks. It can be deployed on
CVE-2023-28843 : PAYPAL UP TO 3.16.3 ON PRESTASHOP SQL INJECTION
Description PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL
Deploying Prophaze WAF On-Premises On Azure
Secure Your on-premises Azure Environment with Prophaze WAF On-premises Azure Environment deploys Azure services and resources on servers within an
CVE-2023-28727 : PANASONIC AISEG2 UP TO 2.93A HEADER X-FORWARDED-FOR IMPROPER AUTHENTICATION
Description Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. References https://www2.panasonic.biz/jp/densetsu/aiseg/firmup_info.html
CVE-2022-36980 : IVANTI AVALANCHE 6.3.2.3490 ENTERPRISESERVER SERVICE TOCTOU
Description This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required
Deploying Prophaze WAF On-Premises On AWS
Protect Your on-premises AWS Workloads with Prophaze WAF Deploying Prophaze WAF on your on-premises AWS workloads allows you to have
CVE-2022-23122 : NETATALK PRIOR 3.1.13 SETFILPARAMS STACK-BASED OVERFLOW
Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to
What Is On-Premises? How Prophaze Supports On-Premises?
Overview On-premises means that a business installs and controls its own software, hardware, or infrastructure within its physical space. Prophaze
CVE-2023-28102 : DISCORDRB ENCODER.RB FILE OS COMMAND INJECTION
Description discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely
CVE-2022-4126 : ABB RCCMD PRIOR 4.40 230207 HARD-CODED PASSWORD
Description Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and
What Is Broken Authentication? How It Works, And What Steps You Can Take To Prevent It?
Broken authentication is a common security vulnerability that occurs when an attacker is able to compromise the authentication process used
CVE-2023-25655 : BASERCMS UP TO 4.7.4 UNRESTRICTED UPLOAD
Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system
CVE-2023-1050 : AS KOC ENERGY WEB REPORT SYSTEM PRIOR 23.03.10 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in As Koc Energy Web Report
CVE-2023-27855 : ROCKWELL AUTOMATION THINMANAGER THINSERVER THINSERVER.EXE PATH TRAVERSAL
Description In affected versions, a path traversal exists when processing a message in Rockwell Automation’s ThinManager ThinServer. An unauthenticated remote
CVE-2023-27982 : SCHNEIDER ELECTRIC IGSS DATA SERVER/IGSS DASHBOARD/CUSTOM REPORTS UP TO 16.0.0.23040 DASHBOARD FILE DATA AUTHENTICITY
Description A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard
CVE-2023-1501 : ROCKOA 2.3.2 ACLOUDCOSACTION.PHP.SQL RUNACTION FILEID UNRESTRICTED UPLOAD
Description A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the
CVE-2023-28116 : CONTIKI-NG UP TO 4.8/4.9 BLE L2CAP MODULE PACKETBUF_SIZE BUFFER OVERFLOW
Description Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an
CVE-2023-1256 : AVEVA PLANT SCADA/TELEMETRY SERVER IMPROPER AUTHORIZATION
Description The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which