CVE-2022-31324

An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...

CVE-2022-35582

Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...

EUVD-2022-52865

Malicious code in bioql PyPI...

EUVD-2022-52866

Malicious code in bioql PyPI...

EUVD-2022-38468

Malicious code in bioql PyPI...

Arbitrary file deletion

An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...

Code injection

Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...

CVE-2022-31322

Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...

CVE-2022-31322

The CVE-2022-31322 entry affects Penta Security Systems’ WAPPLES, specifically version 6.0 r3 with 4.10-hotfix1. The vulnerability allows privilege escalation by overwriting files using SUID-enabled executables. Root cause and affected component: SUID flagged executables enabling local privilege ...

CVE-2022-31324

An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...

CVE-2022-31324

CVE-2022-31324 (WAPPLES) : A vulnerability in Penta Security Systems Inc WAPPLES (version 6.0 r3 4.10-hotfix1) within the downloadAction() function allows an attacker to download arbitrary files via a crafted POST request. This is stated across multiple sources (NVD, Red Hat advisory, CVE lists) ...

CVE-2022-35582

CVE-2022-35582 pertains to Penta Security WAPPLES (versions 4.0., 5.0.0. , 5.0.12.*) with an Incorrect Access Control flaw: the OS includes a built-in non-privileged user named ‘penta’ with a predefined password, whose existence and credentials are not documented. This enables potential unauthori...

Penta Security Systems WAPPLES 信任管理问题漏洞

Penta Security Systems WAPPLES is a logical Web application firewall from Penta Security Systems, India. A security vulnerability exists in Penta Security Systems WAPPLES v6.0 r3 version 4.10-hotfix1, which originated from a vulnerability that allows an attacker to elevate privileges by overwriti...

PT-2022-20686 · Penta Security Systems Inc · Wapples

Name of the Vulnerable Software and Affected Versions: Penta Security Systems Inc WAPPLES version 6.0 r3 4.10-hotfix1 Description: The issue allows attackers to escalate privileges via overwriting files using SUID flagged executables. Recommendations: For Penta Security Systems Inc WAPPLES versio...

Penta Security Systems WAPPLES 安全漏洞

Penta Security Systems WAPPLES is a logical Web application firewall from Penta Security Systems, India. A security vulnerability in Penta Security Systems WAPPLES v6.0 r3 version 4.10-hotfix1, which originates from an arbitrary file download vulnerability in the downloadAction function, allows a...