17 matches found
EUVD-2019-11504
Malware in sbrugna...
Malicious code in @zalastax/nolb-corda (npm)
The package @zalastax/nolb-corda was found to contain malicious code...
MAL-2025-11005 Malicious code in @zalastax/nolb-corda (npm)
The package @zalastax/nolb-corda was found to contain malicious code...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
Code injection
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer...
CVE-2019-25057
This CVE affects R3 Corda prior to version 4.1. The issue arises because the meaning of serialized data can be modified by an attacker-controlled CustomSerializer , enabling data manipulation at the serialization layer. The vulnerability pertains to the integrity of serialized data (per CVSS), wi...
R3 Corda 安全漏洞
R3 Corda is an open source blockchain platform from R3 Corporation in the United States. A security vulnerability exists in versions of R3 Corda prior to 4.1, which can be exploited by an attacker to modify the meaning of serialized data via a controlled CustomSerializer...
U.S. Dept Of Defense: Corda Server XSS ████████
Summary: Cord server will display the error message if something isn't allowed to be used thus allowing xss Description: /scripts/ctredirector.dll allows users to call images or files. We can use the parameter @FILE to dictate a file or url, if it fails it'll display the url into the page. We the...
[Foreground Security 2013-002]: Corda Path Disclosure and XSS
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
Corda Cross Site Scripting / Path Disclosure
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
Corda Highwire - Highwire.ashx Full Path Disclosure
Corda Highwire - Highwire.ashx Full Path Disclosure source: https://www.securityfocus.com/bid/61152/info Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to obtain sensitive information that ma...
Corda .NET Redirector - redirector.corda Cross-Site Scripting
Corda .NET Redirector - redirector.corda Cross-Site Scripting source: https://www.securityfocus.com/bid/61156/info Corda .NET Redirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
source: https://www.securityfocus.com/bid/61156/info Corda .NET Redirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
source: https://www.securityfocus.com/bid/61152/info Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks...