Vulnerabilities Discovered in CIPAce Enterprise Platform
Overview : A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula.
Overview : The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be
unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by
Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection
Overview : In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.
Overview : Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can
Kubelet component in versions 1.15.0-1.15.9
Overview : The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
Overview : GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. References Note: References are provided for the convenience
LogicalDoc before 8.3.3 allows SQL Injection
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
cPanel before 82.0.18 Account bypass vulnerability
Overview : cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Affected
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request
Bot Detection
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] Bot Detection The Problems 20% of all web traffic is bad bots targeting APIs to
WAF API Gateway
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] WAF for your API Gateway Prophaze EagleEye can secure your API end points against OWASP
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
Denial of Service vuln in web UI of Cisco Small Business Switches
Overview : A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to
API Security Web Application Firewall
How can you secure your Exposed services without installing the patch by the vendor? Have a look at the use
International Insurance firms in the Middle East faced an issue with their Corporate Network
International Insurance firms in the Middle East faced an issue with their Corporate Network Our products and services help them
Prophaze Kill switch for Fake Registration Robot
Prophaze Kill switch for Fake Registration Robot The prospect was on-boarded for a pilot session for 14-days where Prophaze could
Multiple security vulnerabilities have been found in IBM products
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM Financial Transaction Manager
TemaTres 3.0 has reflected XSS vuln
Overview : TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. Affected Product(s) :
WSO2 IS as Key Manager 5.7.0 allows web vulnerabilities
Overview : An attacker can trick a privileged user while using WSO2 IS as Key Manager Affected Product(s) : WSO2