CVE-2023-22741 : SOFIA-SIP UP TO 1.12.4 LENGTH STUN_PARSE_ATTRIBUTE BUFFER OVERFLOW
Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both
CVE-2021-32824 : APACHE DUBBO UP TO 2.6.9/2.7.9 TELNET DESERIALIZATION
Description Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to
CVE-2022-42475 : FORTIOS FORTIOS SSL-VPN/FORTIPROXY SSL-VPN REQUESTS HEAP-BASED OVERFLOW
Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0
CVE-2022-46764 : TRUECONF SERVER 5.2.0.10225 SQL INJECTION
Description A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary
CVE-2022-20968 : CISCO IP PHONE 7800/IP PHONE 8800 CISCO DISCOVERY PROTOCOL OUT-OF-BOUNDS WRITE
Description A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could
CVE-2022-2641 : HORNER AUTOMATION RCC 972 15.40 HARD-CODED KEY
Description Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow
CVE-2022-3270 : FESTO VTEM-S1 INSUFFICIENT TECHNICAL DOCUMENTATION
Description In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead
CVE-2022-45045 : XIONGMAI MBD6304T/NBD6808T-PL JSON FILE DESERIALIZATION
Description Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root,
CVE-2022-40265 : MITSUBISHI ELECTRIC MELSEC IQ-R PACKETS DENIAL OF SERVICE
Description Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version “65” and prior and Mitsubishi
CVE-2022-41875 : OPTICA UP TO 0.10.1 JSON OJ.SAFE_LOAD DESERIALIZATION
Description A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON
Why Is Container Security Important? What Are The Top 10 Docker Projects According To OWASP?
Why is Container Security Important? A thorough security evaluation must include container security as a crucial component. Using a combination
CVE-2022-36063 : AZURE RTOS USBX PRIOR 6.1.12 _UX_HOST_CLASS_CDC_ECM_MAC_ADDRESS_GET INTEGER UNDERFLOW
Description Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX
What Is Directory Traversal?
What is Directory Traversal? Directory traversal is also known as file path traversal. It is a web security flaw that
CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION
Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege
What Is Session Hijacking? How To Prevent Session Hijacking?
What is Session Hijacking? Session Hijacking is the type of attack in which the attacker takes over or hijacks a
DNS Security Extensions (DNSSEC) – Why Did The Need Arise For Its Implementation?
What is DNS and how does it work? DNS is the abbreviation for Domain Name System. The task of the
What Is A Supply Chain Attack? How To Prevent Them?
What is a Supply Chain Attack? The supply chain includes everything from the delivery of materials from suppliers to manufacturers
CVE-2022-34668 : NVIDIA NVFLARE UP TO 2.1.3 PICKLE DESERIALIZATION
Description NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow
Injection Prevention
Home Injection Prevention PROPHAZE APPSEC PLATFORM What is Prophaze WAF? How Prophaze WAF Works? System Requirements Performance SSL Termination Modes
LFI And RFI
Home LFI and RFI PROPHAZE APPSEC PLATFORM What is Prophaze WAF? How Prophaze WAF Works? System Requirements Performance SSL Termination
Latest Spring Vulnerabilities Exploitation – CVE-2022-22965
Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that
Latest Spring Vulnerabilities Exploitation – CVE-2022-22965
Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that
Here’s What You Must Know About IoT API Security
API Security is a vital part of securing your IoT devices. It protects data during the transmission process from one
CVE-2021-44228 – Apache log4j up to 2.14.1 JNDI LDAP Server Lookup format string
Zero-Day RCE Vulnerability CVE-2021-44228 aka Critical Apache Log4j Remote Code Execution Vulnerability(Log4Shell)Affects Java Background on Apache log4j Apache log4j 2