Test Blog - Cloud WAF

CVE-2024-41745 : IBM CICS TX STANDARD 11.1 WEB UI CROSS SITE SCRIPTING

Description IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI…

Common Vulnerabilities and Exposures

CVE-2024-49770 : OAK UP TO 17.1.2 API CONTEXT.SEND PATH TRAVERSAL

Description `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does…

Common Vulnerabilities and Exposures

CVE-2024-41738 : IBM TXSERIES FOR MULTIPLATFORMS 10.1 QUERY STRING GET REQUEST METHOD WITH SENSITIVE QUERY STRINGS

Description IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process…

Common Vulnerabilities and Exposures

CVE-2024-51377 : LADYBIRD WEB SOLUTION FAVEO HELPDESK & SERVICEDESK ON-PREMISE 9.2.0 SUBJECT/IDENTIFIER PRIVILEGE ESCALATION

Description An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the…

Common Vulnerabilities and Exposures

CVE-2024-9632 : X.ORG X SERVER UP TO 21.1.13 BITMAP_XKBSETCOMPATMAP SYM_INTERPRET HEAP-BASED OVERFLOW

Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger…

Common Vulnerabilities and Exposures

CVE-2024-51568 : PSAUX CYBERPANEL UP TO 2.3.4 FILE MANAGER /FILEMANAGER/UPLOAD PROCESSUTILITIES.OUTPUTEXECUTIONER OS COMMAND INJECTION

Description CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote…