Test Blog - Cloud WAF

CVE-2024-2231 : HIMER PLUGIN UP TO 2.1.0 ON WORDPRESS PRIVATE GROUP AUTHORIZATION

Description The allows any authenticated user to join a private group due to a missing authorization check on a function. References https://wpscan.com/vulnerability/119d2d93-3b71-4ce9-b385-4e6f57b162cb/ For More Information…

Common Vulnerabilities and Exposures

CVE-2024-37082 : CLOUD FOUNDRY UP TO 0.206.0 HAPROXY AUTHENTICATION SPOOFING

Description Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to…

Common Vulnerabilities and Exposures

CVE-2024-6471 : SOURCECODESTER ONLINE TOURS & TRAVELS MANAGEMENT 1.0 SMS_SETTING.PHP UNAME SQL INJECTION

Description A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file…

Common Vulnerabilities and Exposures

CVE-2024-36404 : GEOTOOLS UP TO 29.5/30.3/31.1 NEUTRALIZATION OF DIRECTIVES

Description GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE)…

Common Vulnerabilities and Exposures

CVE-2024-4708 : MYSCADA MYPRO 7/8.20.0/8.26/8.27.0/8.29.0 HARD-CODED PASSWORD

Description mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. References https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02 https://www.myscada.org/mypro/ For More…

Common Vulnerabilities and Exposures

CVE-2022-25480 : REALTEK RTSPER DRIVER FOR PCIE CARD READER KERNEL MEMORY RTSPER.SYS BUFFER OVERFLOW

Description Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows…