Test Blog - Cloud WAF

CVE-2024-34581 : W3C XML SIGNATURE SYNTAX AND PROCESSING SPECIFICATION 1.0 SERVER-SIDE REQUEST FORGERY

Description The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may…

Common Vulnerabilities and Exposures

CVE-2024-34580 : APACHE XML SECURITY FOR C++ UP TO 2.0.4 XML SIGNATURE SERVER-SIDE REQUEST FORGERY ⚔ [Disputed]

Description Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a…

Common Vulnerabilities and Exposures

CVE-2024-5181 : MUDLER LOCALAI UP TO 2.14.0 CONFIGURATION FILE BACKEND OS COMMAND INJECTION

Description A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration…

Common Vulnerabilities and Exposures

CVE-2024-33898 : AXIROS AXXESS AUTO CONFIGURATION SERVER 4.X/5.0.0 AUTHORIZATION

Description Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code…

Common Vulnerabilities and Exposures

CVE-2024-38902 : H3C MAGIC R230 V100R002 /ETC/SHADOW HARD-CODED PASSWORD

Description H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. References https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md…

Common Vulnerabilities and Exposures

CVE-2024-4196 : AVAYA IP OFFICE UP TO 11.1.3.0 WEB CONTROL INPUT VALIDATION

Description An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web…