SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request
Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0
Overview : An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated
Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5
Overview : A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote,
TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server
Overview : The Spotfire library component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire
Apache ShardingSphere(incubator) deserialization vulnerability
Overview : In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere’s web console uses the SnakeYAML library for parsing YAML inputs
Puppet Server and PuppetDB may leak sensitive information via metrics API
Overview : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this
vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020
Overview : An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated
Security issues for SAP products
Overview : Multiple issues was discovered in SAP products Affected Product(s) : SAP Solution Manager 720 SAP Enable Now before
Incorrect default permissions vulnerability in Dell Digital Delivery versions prior to 3.5.2015
[vc_row][vc_column][vc_column_text] Overview : Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged
Bot Detection
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] Bot Detection The Problems 20% of all web traffic is bad bots targeting APIs to
WAF API Gateway
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] WAF for your API Gateway Prophaze EagleEye can secure your API end points against OWASP
LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)
Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in
Google Chrome Marks ICICI Bank’s Banking site as Unsafe – Attack or False Positive?
Google chrome’s anti-phishing algorithms show false positives? While trying to login to the internet banking website of India’s No:1 Private
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83
Overview : A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have
Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability
Overview : A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web
Security Notice for CA Unified Infrastructure Management
Overview : Multiple issues was discovered in CA Unified Infrastructure Management Affected Product(s) : UIM product versions 9.20 and below
Multiple SQL injection vulnerabilities in D-Link DSR-Routers
Overview : Multiple SQL injection vulnerabilities in D-Link DSR Routers Affected Product(s) : D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N
Vtiger CRM <= 6.3 Authenticated Remote Code Execution
Overview : Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code
Improper access control checks for Nextcloud Server
Overview : A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
Multiple Vulnerabilities on HashiCorp Consul
Overview : HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities Affected Product(s) : This vulnerability