Category - API Security Blog

QRadar Community Edition 7.3.1.6 Server Side Request Forgery

Post ContentRead More ...

May 30, 2022

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities

SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vuln ...

May 30, 2022

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

Post ContentRead More ...

May 30, 2022

MyEtherWallet: Local Storage Custom Node Credentials Leak

## Summary Credentials for a custom node are stored in plain text inside Local Storage on the user's machine. If this node is configured in a certain way this could lead to the theft of any funds in a ...

May 30, 2022

CVE-2019-11895

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC ...

May 30, 2022

CVE-2019-11892

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's confi ...

May 30, 2022

P4wnP1 A.L.O.A. – Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements

[![](https://1.bp.blogspot.com/-kAfpXyhBA0g/XOS89ORP25I/AAAAAAAAO9U/ohWV8x2YZRoU8uw-JNH2-J2fUP6QWvIXQCLcBGAs/s640/raspberry%2Bpi%2Bzero.jpg)]() P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a R ...

May 30, 2022

Threat Roundup for May 3 to May 10

[![](https://4.bp.blogspot.com/-OZk_HZUnWw8/XNGon29pJLI/AAAAAAAAGNI/IY-WnPRAA6UTgQH2jV6_IyW_zGeZtU03wCK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_threat%2Broundup.jpg)]() Today, Talos is publishing a gl ...

May 30, 2022