Lucene search
K

89 matches found

NVD
NVD
added 2023/06/30 5:15 a.m.23 views

CVE-2023-32612

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...

7.2CVSS7.2AI score0.00679EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/30 4:1 a.m.16 views

CVE-2023-32612

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...

7.8AI score0.00679EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/27 12:0 a.m.56 views

JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...

8.1CVSS7.6AI score0.00734EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.5 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a malicious actor to read arbitrary files.

The vulnerability in the web interface for managing Cisco Identity Services Engine ISE platforms relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created HTTP request...

6.1CVSS5.7AI score0.00399EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.4 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to upload or delete certain files.

The vulnerability of the Cisco Identity Services Engine’s web management interface relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to upload or delete certain files using a specially created HTTP request...

5.5CVSS5.5AI score0.00368EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.5 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to delete arbitrary files.

The vulnerability in the web interface for managing Cisco Identity Services Engine ISE platforms relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to delete arbitrary files using a specially created HTTP request...

6.8CVSS6.7AI score0.00382EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.28 views

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

6.9AI score0.00508EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/12/14 12:30 p.m.18 views

Why PCI DSS 4.0 Should Be on Your Radar in 2023

Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard PCI DSS, created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards,...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/23 12:13 p.m.20 views

Top Cyber Threats Facing E-Commerce Sites This Holiday Season

Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online,...

0.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/10/10 12:0 a.m.6 views

The vulnerability of the Ruby on Rails software platform, related to the implementation of security features at the client side, allows attackers to execute arbitrary code.

The vulnerability of the Ruby on Rails software platform is related to the implementation of security features at the client side. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7.3AI score0.03065EPSS
Exploits1References7Affected Software2
AlpineLinux
AlpineLinux
added 2022/09/28 12:0 a.m.53 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS8.1AI score0.0099EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.10 views

The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System, related to the implementation of security functions at the client-side, allows attackers to exploit their privileges.

The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System is related to the implementation of security functions at the client side. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

10CVSS7.7AI score0.00694EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.3 views

PT-2022-4702 · Cognex · Cognex 3D-A1000 Dimensioning System

Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to the implementation of security functions on the client-side of the Cognex 3D-A1000 Dimensioning System. This could allow a remote attacker ...

10CVSS9AI score0.00694EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2022/07/12 11:28 a.m.38 views

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies

Businesses know they need to secure their client-side scripts. Content security policies CSPs are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours or days in manual code...

6.8AI score
Exploits0
CNVD
CNVD
added 2022/01/26 12:0 a.m.14 views

WordPress UpdraftPlus plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin UpdraftPlus prior to 1.6.59, which stems from the fact that the WordPress plugin does not clean up its...

3.5CVSS0.3AI score0.00614EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2020/12/24 12:0 a.m.4 views

Tangro Business Workflow Code Issue Vulnerability

Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A code issue vulnerability exists in tangro Business Workflow versions prior to 1.18.1, which stems from requesting a list of...

8.8CVSS7AI score0.01234EPSS
Exploits1References1
Kitploit
Kitploit
added 2020/05/04 9:30 p.m.32 views

Parsec - Secure Cloud Framework

Homepage: https://parsec.cloud Documentation: https://parsec-cloud.readthedocs.org. Parsec is a free software AGPL v3 aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access an...

7AI score
Exploits0References2
Veracode
Veracode
added 2019/01/15 9:24 a.m.27 views

Authorization Bypass

postgresql is vulnerable to authorization bypass. An attacker is able to bypass client-side connection security features to escalate privileges, execute arbitrary SQL statements. This is due to the failure of the client library to properly reset its internal state between connections, which leads...

8.5CVSS8.4AI score0.05154EPSS
Exploits0References18Affected Software10
RedHat Linux
RedHat Linux
added 2018/09/04 2:10 p.m.3 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.3AI score0.05154EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/08/27 8:22 a.m.5 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.3AI score0.05154EPSS
Exploits0References5
Rows per page
Query Builder