89 matches found
CVE-2023-32612
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...
CVE-2023-32612
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...
JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2
WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a malicious actor to read arbitrary files.
The vulnerability in the web interface for managing Cisco Identity Services Engine ISE platforms relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created HTTP request...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to upload or delete certain files.
The vulnerability of the Cisco Identity Services Engine’s web management interface relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to upload or delete certain files using a specially created HTTP request...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to delete arbitrary files.
The vulnerability in the web interface for managing Cisco Identity Services Engine ISE platforms relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to delete arbitrary files using a specially created HTTP request...
CVE-2023-22654
Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard PCI DSS, created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards,...
Top Cyber Threats Facing E-Commerce Sites This Holiday Season
Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online,...
The vulnerability of the Ruby on Rails software platform, related to the implementation of security features at the client side, allows attackers to execute arbitrary code.
The vulnerability of the Ruby on Rails software platform is related to the implementation of security features at the client side. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2022-39249
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System, related to the implementation of security functions at the client-side, allows attackers to exploit their privileges.
The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System is related to the implementation of security functions at the client side. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
PT-2022-4702 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to the implementation of security functions on the client-side of the Cognex 3D-A1000 Dimensioning System. This could allow a remote attacker ...
Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies
Businesses know they need to secure their client-side scripts. Content security policies CSPs are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours or days in manual code...
WordPress UpdraftPlus plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin UpdraftPlus prior to 1.6.59, which stems from the fact that the WordPress plugin does not clean up its...
Tangro Business Workflow Code Issue Vulnerability
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A code issue vulnerability exists in tangro Business Workflow versions prior to 1.18.1, which stems from requesting a list of...
Parsec - Secure Cloud Framework
Homepage: https://parsec.cloud Documentation: https://parsec-cloud.readthedocs.org. Parsec is a free software AGPL v3 aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access an...
Authorization Bypass
postgresql is vulnerable to authorization bypass. An attacker is able to bypass client-side connection security features to escalate privileges, execute arbitrary SQL statements. This is due to the failure of the client library to properly reset its internal state between connections, which leads...
postgresql: Certain host connection parameters defeat client-side security defenses
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...
postgresql: Certain host connection parameters defeat client-side security defenses
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...