Lucene search
K

37 matches found

Gitee
Gitee
added 2020/11/03 7:53 p.m.4 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化,爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化,所以如果知道了shiro的编码方式,然后将恶意命令用它的编码方式进行编码并放在http头的cookie里,在shiro对提交的cookie的rememberme字段进行反序列化时,也就执行了插入的命令,最终造成了命令执行 shiro默认使用了CookieRememberMeManager,其处理cookie的流程是:...

9.8CVSS7AI score0.93143EPSS
Exploits9
OSV
OSV
added 2020/10/12 7:15 p.m.3 views

CVE-2020-26546

An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.5CVSS7.1AI score0.013EPSS
Exploits0References2
NVD
NVD
added 2020/10/12 7:15 p.m.18 views

CVE-2020-26546

An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.5CVSS0.013EPSS
Exploits0References2
Prion
Prion
added 2020/10/12 7:15 p.m.18 views

Sql injection

An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

5CVSS7.9AI score0.013EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/12 6:59 p.m.22 views

CVE-2020-26546

An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.5CVSS7.9AI score0.013EPSS
Exploits0References2
CVE
CVE
added 2020/10/12 6:59 p.m.57 views

CVE-2020-26546

CVE-2020-26546 : The connected PT-2020-16450 entry documents a SQL injection issue in the RememberMe functionality of HelpDeskZ version 1.0.2. The root cause is that the RememberMe feature is prone to SQL injection, and this vulnerability affects a legacy, no-longer-supported release. The advisor...

7.5CVSS7.8AI score0.013EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2020/10/12 6:59 p.m.8 views

CVE-2020-26546

An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.5CVSS7.8AI score0.013EPSS
Exploits0References2
Metasploit
Metasploit
added 2020/04/27 3:50 p.m.77 views

Apache Shiro v1.2.4 Cookie RememberME Deserial RCE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may also be exploitable if the encryption key used by Shiro to encrypt rememberMe cookies is known. This module requires Metasploit:...

9.8CVSS8.2AI score0.93143EPSS
Exploits9
Veracode
Veracode
added 2019/12/23 3:6 a.m.11 views

Authentication Bypass

scheb/two-factor-bundle is vulnerable to authentication bypass. The 2-factor authentication can be bypassed by logging in with the REMEMBERME cookie and subsequently removing the SESSIONID key...

3.6AI score
Exploits0
Veracode
Veracode
added 2019/11/19 6:49 a.m.27 views

Padding Oracle Attack

Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...

7.5CVSS4.5AI score0.09101EPSS
Exploits0References7Affected Software1
GithubExploit
GithubExploit
added 2019/10/25 5:15 a.m.9 views

SHIRO-550

Shiro RememberMe 1.2.4 反序列化漏洞(SHIRO-550)...

7.1AI score
Exploits0
myhack58
myhack58
added 2017/01/18 12:0 a.m.45 views

Apache shiro 1.2.4 version of remote command execution vulnerability details-vulnerability warning-the black bar safety net

Search, I found online about apache shiro 1.2.4 version of the vulnerability consolidation report to write too simple, is perhaps the bigwigs speaking of professional, I this noob can't read the reason, specially in the local do a full show. First from the shiro official get shiro 1.2.4 of the...

7.2AI score
Exploits0
CNVD
CNVD
added 2016/08/04 12:0 a.m.1 views

Shiro RememberMe Deserialization Command Execution Vulnerability

Apache Shiro is the top project of the Apache Software Foundation, the preferred authorization verification, authorization, cryptography, and session management framework in Java applications. The JIRA for Apache Shiro mentions a security vulnerability in cookie management in Shrio. Under the rig...

6.8AI score
Exploits0References1
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.17 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.16 views

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

More info at https://symfony.com/cve-2024-51996...

7.5CVSS6.6AI score0.00633EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.20 views

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

More info at https://symfony.com/cve-2024-51996...

7.5CVSS6.6AI score0.00633EPSS
Exploits1Affected Software1
Rows per page
Query Builder