35 matches found
WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wccautoscaling.py file. An attacker can use this account to access system configuration and...
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
EUVD-2022-38468
Malicious code in bioql PyPI...
EUVD-2022-52865
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
Hardcoded credentials
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
Code injection
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
Design/Logic Flaw
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...