Apache ShardingSphere(incubator) deserialization vulnerability
Overview : In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere’s web console uses the SnakeYAML library for parsing YAML inputs
Puppet Server and PuppetDB may leak sensitive information via metrics API
Overview : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this
vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020
Overview : An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated
Security issues for SAP products
Overview : Multiple issues was discovered in SAP products Affected Product(s) : SAP Solution Manager 720 SAP Enable Now before
Incorrect default permissions vulnerability in Dell Digital Delivery versions prior to 3.5.2015
[vc_row][vc_column][vc_column_text] Overview : Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged
Bot Detection
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] Bot Detection The Problems 20% of all web traffic is bad bots targeting APIs to
WAF API Gateway
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] WAF for your API Gateway Prophaze EagleEye can secure your API end points against OWASP
LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)
Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in
Google Chrome Marks ICICI Bank’s Banking site as Unsafe – Attack or False Positive?
Google chrome’s anti-phishing algorithms show false positives? While trying to login to the internet banking website of India’s No:1 Private
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83
Overview : A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have
Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability
Overview : A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web
Security Notice for CA Unified Infrastructure Management
Overview : Multiple issues was discovered in CA Unified Infrastructure Management Affected Product(s) : UIM product versions 9.20 and below
Multiple SQL injection vulnerabilities in D-Link DSR-Routers
Overview : Multiple SQL injection vulnerabilities in D-Link DSR Routers Affected Product(s) : D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N
Vtiger CRM <= 6.3 Authenticated Remote Code Execution
Overview : Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code
Improper access control checks for Nextcloud Server
Overview : A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
Multiple Vulnerabilities on HashiCorp Consul
Overview : HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities Affected Product(s) : This vulnerability
Denial of Service vuln in web UI of Cisco Small Business Switches
Overview : A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to
XSS in WordPress Elementor Plugin 2.8.4
Overview : The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These
Disclosure of Private Merge Requests and Issues via Elasticsearch integration
Overview : An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE)
Potential CRLF injection attacks in Zend_Mail
Overview : CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1
D-Link DSR-250N Persistent Root Access
Overview : D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin
Persistent XSS vulnerability in filename of attached file in PrivateBin
Overview : PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2 has an Arbitrary File Upload Vulnerability Affected Product(s) :