Test Blog - Cloud WAF

CVE-2024-37569 : MITEL 6869I UP TO 4.5.0.41/5.0.0.1018 PROVIS.HTML HOSTNAME OS COMMAND INJECTION

Description An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken…

Common Vulnerabilities and Exposures

CVE-2024-4295 : ICEGRAM EXPRESS EMAIL SUBSCRIBERS PLUGIN UP TO 5.7.20 ON WORDPRESS HASH SQL INJECTION

Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and…

Common Vulnerabilities and Exposures

CVE-2024-32976 : ENVOY UP TO 1.27.5/1.28.3/1.29.4/11.30.1 DECOMPRESSION INFINITE LOOP

Description Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of…

Common Vulnerabilities and Exposures

CVE-2024-29972 : ZYXEL NAS326/NAS542 PRIOR 5.21 HTTP POST REQUEST REMOTE_HELP-CGI OS COMMAND INJECTION

Description ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware…

Common Vulnerabilities and Exposures

CVE-2024-5590 : NETENTSEC NS-ASG APPLICATION SECURITY GATEWAY 6.3 JSON CONTENT UPLOADISCUSER.PHP MESSAGECONTENT SQL INJECTION

Description A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the…

Common Vulnerabilities and Exposures

CVE-2024-5311 : DIGIWIN EASYFLOW .NET UP TO 5.X/6.1X/6.6.15 INPUT SQL INJECTION

Description DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database…