Test Blog - Cloud WAF

CVE-2023-6452 : FORCEPOINT WEB SECURITY UP TO 8.5.5 TRANSACTION VIEWER CROSS SITE SCRIPTING

Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security…

Common Vulnerabilities and Exposures

CVE-2024-36445 : SWISSPHONE DICAL-RED 4009 TELNET SERVICE IMPROPER AUTHENTICATION

Description Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. References https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt For More Information CVERecord

Common Vulnerabilities and Exposures

CVE-2024-42497 : MATTERMOST UP TO 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 SYSTEMS MANAGER ROLE ACCESS CONTROL

Description Mattermost versions 9.9.x

Common Vulnerabilities and Exposures

CVE-2024-8080 : SOURCECODESTER ONLINE HEALTH CARE SYSTEM 1.0 SEARCH.PHP F_NAME SQL INJECTION

Description A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php.…

Common Vulnerabilities and Exposures

CVE-2024-28987 : SOLARWINDS WEB HELP DESK UP TO 12.8.3 HOTFIX 1 HARD-CODED CREDENTIALS

Description The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify…

Common Vulnerabilities and Exposures

CVE-2024-39576 : DELL POWER MANAGER UP TO 3.15.0 PRIVILEGES ASSIGNMENT

Description Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit…