12 matches found
CVE-2024-52302
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...
Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
Exploit Title: Unrestricted File Upload
Google Dork:
Date: 14/Nov/2024
Exploit Author: d3sca
Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase
Software Link: https://github.com/OsamaTaher/Java-springboot-codebase
Version: app version 0.1
Tested on: Debian Linux
CVE :...
Exploit for CVE-2024-52302
CVE-2024-52302: Unrestricted File Upload Vulnerability in Comm...
CVE-2024-52302 common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...
CVE-2024-52302
CVE-2024-52302 affects the Spring Boot app common-user-management, specifically the /api/v1/customer/profile-picture endpoint. The vulnerability arises from unrestricted file uploads without proper validation or restrictions, allowing attackers to upload arbitrary files that can lead to Remote Co...
CVE-2023-52302
creationtimestamp | type | source
---|---|---
2024-01-03 10:26:51+00:00 | seen | https://t.me/ctinow/162283
2024-01-04 01:33:54+00:00 | seen | https://t.me/cibsecurity/74296
2024-01-05 20:04:02+00:00 | seen | https://t.me/arpsyndicate/2517
2024-01-23 13:56:16+00:00 | seen | https://t.me/ctinow/171970...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2023-52302 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted:
- paddle-ner =0.1.0
- paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1
- paddle-tokenizer =0.1.0
- pyunit-ner =2021.8.2

Source cves:...
CVE-2023-52302 Segfault in paddle.nextafter
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...
CVE-2023-52302
CVE-2023-52302 concerns a NULL pointer dereference in the paddle.nextafter implementation inside PaddlePaddle. Multiple connected sources describe that this flaw can cause a runtime crash, leading to a Denial of Service. The affected component is PaddlePaddle’s paddle.nextafter function; the impa...
The vulnerability of the “BKCLogSvr.exe” service in Yokogawa’s software products arises from the issue of buffer overflows occurring outside the scope of the service. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the “BKCLogSvr.exe” service in Yokogawa’s software products arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to increase their privileges and execute arbitrary code by sending a specially crafted...