Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-46552 | PUBLISHED: 2023-02-02 | D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
CVE-2022-46604 | PUBLISHED: 2023-02-02 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
CVE-2022-46965 | PUBLISHED: 2023-02-02 | PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.
CVE-2023-0642 | PUBLISHED: 2023-02-02 | Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.
CVE-2023-0643 | PUBLISHED: 2023-02-02 | Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
User Rank: Ninja
2/28/2019 | 9:35:01 PM
Yes, there are deficiencies. But I believe it to be a better allocation of funding to try and create more proficient and consistent coding than trying to throw bodies at it retroactively for review. I understand that if there is a shortage in one security facet then it may persist into others. But coders and app dev individuals that could be helpful in this endeavor are not part of that shortage.
Respectfully, I understand your inquiry. But I'm a Security Engineer. Crafting solutions is part of my day-to-day and this is again just one person's opinion at a plausible solution. Without attempting any solutions, we will all pontificate until this article is re-written in the years to come.