Lucene search
K

39 matches found

CNNVD
CNNVD
added 2024/07/11 12:0 a.m.3 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in file/api/role, where...

9.8CVSS7.9AI score0.00566EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.3 views

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is a SpringBoot and SpringSecurity based RBAC backend privilege management system by codermy individual developer. A security vulnerability exists in my-springsecurity-plus prior to 2024.07.03, which stems from some unknown functionality in file/api/dept, where manipulation...

9.8CVSS7.4AI score0.00473EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy personal developer. A security vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an SQL injection due to manipulation of...

8.8CVSS7.8AI score0.00446EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/11 12:0 a.m.7 views

PT-2024-37797 · Unknown · Witmy My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue has been found, affecting some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to SQL injection. The attack may b...

6.5CVSS7.2AI score0.00473EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.6 views

DingFlow 安全漏洞

DingFlow is DingFlow open source is committed to helping small and medium-sized intelligent office system. DingFlow v.2.0.0 version of a security vulnerability , the vulnerability stems from the system/role/list interface of the dataScope parameter SQL injection vulnerability...

6.3CVSS7.9AI score0.0064EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/02/23 12:0 a.m.19 views

CVE-2022-48341

ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter...

8.6AI score0.00986EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.4 views

LuckyFrame SQL注入漏洞

LuckyFrame is a free and open source testing platform. A security vulnerability exists in LuckyFrame v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/RoleMapper.xml...

9.8CVSS8.7AI score0.00782EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2020/12/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-11511

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...

9.8CVSS7.3AI score0.11176EPSS
Exploits7References1
Hacker One
Hacker One
added 2020/09/02 1:56 a.m.43 views

pixiv: Open Redirect at https://oauth.secure.pixiv.net

Summary: Hello @pixiv security team, i hope you are well, i noticed you can redirect users to another domain if you send an invalided scope. Vulnerable Url...

0.4AI score
Exploits0
OSV
OSV
added 2018/08/16 8:29 p.m.6 views

CVE-2018-11511

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...

9.8CVSS5.8AI score0.11176EPSS
Exploits7References2
seebug.org
seebug.org
added 2018/05/11 12:0 a.m.563 views

RCE with spring-security-oauth2 分析(CVE-2018-1260)

漏洞公告 环境搭建 利用github上已有的demo: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git 确保导入的spring-security-oauth2为受影响版本,以这里为例为2.0.10 进入spring-security-oauth2-example,修改 cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java的第67行: @Override public void...

7.5CVSS1AI score0.08352EPSS
Exploits2
OSV
OSV
added 2017/08/01 6:29 p.m.8 views

CVE-2017-1500

A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

6.1CVSS5.9AI score0.00779EPSS
Exploits1References2
Veracode
Veracode
added 2016/12/02 10:20 a.m.15 views

Unauthorised Modification Of Permission Scope

spring-security-oauth2 is vulnerable to unauthorised modification of scope. A malicious user can submit a scope parameter during token request, which will be accepted by the server. This allows the malicious user to gain a wider scope of permissions when they authenticate...

6.9AI score
Exploits0
NVD
NVD
added 2014/05/13 2:55 p.m.37 views

CVE-2013-1407

Multiple cross-site scripting XSS vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 scope parameter to index.php; 2 username, 3 dbemphone, 4 useremail, or 5...

4.3CVSS5.8AI score0.02058EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2012/08/23 8:55 p.m.1 views

CVE-2011-5114

Multiple cross-site scripting XSS vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 zoneid or 2 scope parameter...

4.3CVSS5.4AI score0.00931EPSS
Exploits0References3
Prion
Prion
added 2012/08/23 8:55 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 zoneid or 2 scope parameter...

4.3CVSS6.1AI score0.00931EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2006/04/25 12:50 p.m.1 views

DEBIAN-CVE-2006-2016

Multiple cross-site scripting XSS vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dn parameter in a compareform.php, b copyform.php, c renameform.php, d templateengine.php, and e deleteform.php; 2 scope parameter in f...

2.6CVSS5.9AI score0.08221EPSS
Exploits1References1
Cvelist
Cvelist
added 2006/04/25 10:0 a.m.29 views

CVE-2006-2016

Multiple cross-site scripting XSS vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dn parameter in a compareform.php, b copyform.php, c renameform.php, d templateengine.php, and e deleteform.php; 2 scope parameter in f...

5.5AI score0.08221EPSS
Exploits1References14
Debian CVE
Debian CVE
added 2006/04/25 10:0 a.m.48 views

CVE-2006-2016

Multiple cross-site scripting XSS vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dn parameter in a compareform.php, b copyform.php, c renameform.php, d templateengine.php, and e deleteform.php; 2 scope parameter in f...

2.6CVSS5.7AI score0.08221EPSS
Exploits1
Rows per page
Query Builder