15 matches found
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0.\*, 5.0.0.\*, 5.0.12.\* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
EUVD-2022-52866
Malicious code in bioql PyPI...
EUVD-2022-38468
Malicious code in bioql PyPI...
EUVD-2022-52865
Malicious code in bioql PyPI...
Code injection
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
Arbitrary file deletion
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-31322
The CVE-2022-31322 entry affects Penta Security Systems’ WAPPLES, specifically version 6.0 r3 with 4.10-hotfix1. The vulnerability allows privilege escalation by overwriting files using SUID-enabled executables. Root cause and affected component: SUID flagged executables enabling local privilege ...
CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-31324
CVE-2022-31324 (WAPPLES): A vulnerability in Penta Security Systems Inc WAPPLES (version 6.0 r3 4.10-hotfix1) within the downloadAction() function allows an attacker to download arbitrary files via a crafted POST request. This is stated across multiple sources (NVD, Red Hat advisory, CVE lists) ...
CVE-2022-35582
CVE-2022-35582 pertains to Penta Security WAPPLES (versions 4.0.\*, 5.0.0.\*, 5.0.12.\*) with an Incorrect Access Control flaw: the OS includes a built-in non-privileged user named ‘penta’ with a predefined password, whose existence and credentials are not documented. This enables potential unauthori...
Penta Security Systems WAPPLES Trust Management Issue Vulnerability
Penta Security Systems WAPPLES is a logical Web application firewall from Penta Security Systems, India. A security vulnerability exists in Penta Security Systems WAPPLES v6.0 r3 version 4.10-hotfix1, which originated from a vulnerability that allows an attacker to elevate privileges by overwriti...
PT-2022-20686 · Penta Security Systems Inc · Wapples
Name of the Vulnerable Software and Affected Versions: Penta Security Systems Inc WAPPLES version 6.0 r3 4.10-hotfix1 Description: The issue allows attackers to escalate privileges via overwriting files using SUID flagged executables. Recommendations: For Penta Security Systems Inc WAPPLES versio...
Penta Security Systems WAPPLES Security Vulnerability
Penta Security Systems WAPPLES is a logical Web application firewall from Penta Security Systems, India. A security vulnerability in Penta Security Systems WAPPLES v6.0 r3 version 4.10-hotfix1, which originates from an arbitrary file download vulnerability in the downloadAction function, allows a...