Improper access control checks for Nextcloud Server
Overview : A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of
CVE-2024-24830 : OPENOBSERVE UP TO 0.7.X ROLE-BASED ACCESS CONTROL /API/{ORG_ID}/USERS IMPROPER AUTHORIZATION
Description OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A
CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL
Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access
CVE-2023-42442 : JumpServer Up To 3.5.4/3.6.3 HTTP Response Code Improper Authentication
Description JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version
CVE-2023-37483 : SAP POWERDESIGNER 16.7 PROXY ACCESS CONTROL
Description SAP PowerDesigner – version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries
CVE-2023-2845 : CLOUDEXPLORER-LITE UP TO 1.0.X ACCESS CONTROL
Description Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. References https://huntr.dev/bounties/ac10e81c-998e-4425-9d74-b985d9b0254c https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/d9f55a44e579d312977b02317b2020de758b763a For More Information MITRE
CVE-2023-28051 : DELL POWER MANAGER UP TO 3.10 ACCESS CONTROL
Description Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit
CVE-2023-22600 : INHAND INROUTER 302/INROUTER 615 ACCESS CONTROL
Description InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284:
CVE-2022-23555 : AUTHENTIK PRIOR 2022.10.4/2022.11.4/2022.12.0 IMPROPER AUTHENTICATION
Description authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable
CVE-2022-28758 : ZOOM ON-PREMISE MEETING CONNECTOR MMR PRIOR 4.8.20220815.130 ACCESS CONTROL
Description Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious
CVE-2022-1401 : DEVICE42 ASSET MANAGEMENT APPLIANCE PRIOR 18.01.00 WRIMAGERESOURCE.ADX ACCESS CONTROL
Description Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker
CVE-2022-22373 : IBM INFOSPHERE INFORMATION SERVER 11.7 ACCESS CONTROL
Description An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead
CVE-2017-20066 : ADMINER LOGIN 1.4.4 ON WORDPRESS ACCESS CONTROL
Description A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The
CVE-2022-24878 : Improper Path Handling In Kustomization Files Allows For Denial Of Service
Description The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user
Buffer Overflow vulnerability in Advantech WebAccess
Overview : In WebAccess versions 8.4.1 and prior, multiple stack based buffer overflow vulnerabilities are detected by a lack of
Free Web Application Firewall
Introducing the world’s first Distributed WAF on Multi-Cloud # SaaS Free WAF Prophaze WAF is a Native Cloud Web Application
Nextcloud Latest vulnerabilities released
Overview : Multiple vulnerabilities reported in Nextcloud Affected Product(s) : Nextcloud Social app version 0.3.1 Nextcloud Social < 0.4.0 Vulnerability
Moxa EDR 810 Series vulnerabilities
Overview : Moxa EDR 810 Series Improper Input Validation and Improper Access Control vulnerabilities Affected Product(s) : EDR-810: All versions
Multiple vulnerabilities in Schneider Electric U.motion servers
Overview : Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers. Affected Product(s) : U.motion
What Is OWASP? Describe The OWASP Top 10?
Web applications have become an integral part of modern business operations. They enable companies to interact with their customers, employees,
What Is A Security Misconfiguration?
What Is Security Misconfiguration? What Is Security Misconfiguration? Security misconfiguration refers to the failure to properly configure and maintain the
What Is XML External Entity Injection? How To Prevent XXE Attacks?
Have you ever wondered how important XML is? And how insecure it can be if XML is parsed in an
API Security
API Security API Security for Your Data Privacy Prophaze API Security is a comprehensive solution to secure APIs from various
Inspecting ‘Previous to Present OWASP Reports’-1
Tracking Changes Made from 2007 to 2013 Reports OWASP analyses the most crucial web application security flaws. OWASP being a