Cache poisoning in @sveltejs/adapter-vercel

Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowing an attacker to cause sensitive user-specific responses to be cached and served to other users...

CVE-2024-56320

GoCD before 24.5.0 is vulnerable to admin privilege escalation via improper authorization of the admin “Configuration XML” UI and related API. An authenticated GoCD user with an existing account can access information intended only for admins or elevate privileges to admin, with exploitation requ...

CVE-2023-4309

Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

CVE-2023-4309

Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

CVE-2023-4309

Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

Expedia Group Bug Bounty: Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass)

Vulnerability description not provided...

WAF JSON decoding capability required to protect against API threats like CVE-2020-13942 Apache Unomi RCE

New critical Apache Unomi exploit was released yesterday. As an official press release says: "Apache Unomi is the industrys first reference implementation of the upcoming OASIS CDP specification established by the OASIS CXS Technical Committee, which sets standards as a core technology for enabli...

How to Maximize Your WAF

Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometimes, however, customers can miss important procedures...

Janusec Application Gateway - Tool Which Provides WAF, CC Attack Defense, Unified Web Administration Portal, Private Key Protection, Web Routing And Scalable Load Balancing

Janusec Application Gateway, an application security solutions which provides WAF Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Key Features WAF Web...

How to Protect AWS API Gateway with SecureSphere WAF

Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficul...

CMS AutoWeb 3.0 SQL Injection Vulnerability

CMS AutoWeb version 3.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data. + Sql Injection on CMS AutoWeb v3.0 + Date: 24/09/2014 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.multdivision.com.br...

CMS AutoWeb 3.0 SQL Injection

Sql Injection on CMS AutoWeb v3.0 + Date: 24/09/2014 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.multdivision.com.br + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: mostrar.php + Dork :...

Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Airlock WAF overlong UTF-8 sequence bypass product: Airlock vulnerable version: = 4.2.4 without hotfix HF4213 fixed version: 4.2.5 impact: critical homepage:...