17 matches found
EUVD-2019-11504
Malware in sbrugna...
Malicious code in @zalastax/nolb-corda (npm)
The package @zalastax/nolb-corda was found to contain malicious code...
MAL-2025-11005 Malicious code in @zalastax/nolb-corda (npm)
The package @zalastax/nolb-corda was found to contain malicious code...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
Code injection
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
This CVE affects R3 Corda prior to version 4.1. The issue arises because the meaning of serialized data can be modified by an attacker-controlled CustomSerializer , enabling data manipulation at the serialization layer. The vulnerability pertains to the integrity of serialized data (per CVSS), wi...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
R3 Corda 安全漏洞
R3 Corda is an open source blockchain platform from R3 Corporation in the United States. A security vulnerability exists in versions of R3 Corda prior to 4.1, which can be exploited by an attacker to modify the meaning of serialized data via a controlled CustomSerializer...
U.S. Dept Of Defense: Corda Server XSS ████████
Summary: Cord server will display the error message if something isn't allowed to be used thus allowing xss Description: /scripts/ctredirector.dll allows users to call images or files. We can use the parameter @FILE to dictate a file or url, if it fails it'll display the url into the page. We the...
[Foreground Security 2013-002]: Corda Path Disclosure and XSS
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
Corda Cross Site Scripting / Path Disclosure
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
Corda Highwire - Highwire.ashx Full Path Disclosure
Corda Highwire - Highwire.ashx Full Path Disclosure source: https://www.securityfocus.com/bid/61152/info Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to obtain sensitive information that ma...
Corda .NET Redirector - redirector.corda Cross-Site Scripting
Corda .NET Redirector - redirector.corda Cross-Site Scripting source: https://www.securityfocus.com/bid/61156/info Corda .NET Redirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
source: https://www.securityfocus.com/bid/61156/info Corda .NET Redirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
source: https://www.securityfocus.com/bid/61152/info Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks...