Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys.
[vc_row][vc_column][vc_column_text] Overview : Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution
[vc_row][vc_column][vc_column_text] Overview : A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution
NGINX Controller versions prior to 3.2.0,
[vc_row][vc_column][vc_column_text] Overview : In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
[vc_row][vc_column][vc_column_text] Overview : GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. References Note: References are provided for the
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1
Overview : Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
[vc_row][vc_column][vc_column_text] Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation
Overview : Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.An information disclosure vulnerability has
cPanel before 82.0.18 Account bypass vulnerability
Overview : cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Affected
Security issues for SAP products
Overview : Multiple issues was discovered in SAP products Affected Product(s) : SAP Solution Manager 720 SAP Enable Now before
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
XSS in WordPress Elementor Plugin 2.8.4
Overview : The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These
D-Link DSR-250N Persistent Root Access
Overview : D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin
Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 is on authentication bypass vuln
Overview : An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript
A Cross-Site Scripting (XSS) vulnerability exists in Freebox OS Web interface 3.0.2
Overview : A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in
API Security Web Application Firewall
How can you secure your Exposed services without installing the patch by the vendor? Have a look at the use
An issue was discovered in Orckestra C1 CMS through 6.6
Overview : The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote
The vulnerability is addressed in the 2018.1, 2018.2 versions of CloudVision Portal
Overview : In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to
IBM Security vulnerabilities released
Overview : Multiple security vulnerabilities have been updated in IBM products Affected Product(s) : IBM Maximo Asset Management 7.6 IBM
WordPress 5.2.4 Security Release Breakdown
Overview : WordPress released version 5.2.4 as a security release. According to WordPress, WordPress version 5.2.4 fixes 6 security issues.
SAP Latest Security Patch released
Overview : Latest vulnerabilities discovered in SAP products Affected Product(s) : SAP Vulnerability Details : CVE ID : CVE-2019-0367 [CVE-2019-0367] Missing
VMware ESXi and vCenter updates address multiple vulnerabilities
Overview : VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter
Prophaze vs Radware
Prophaze vs Radware A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving