8 matches found
EUVD-2024-0376
Malicious code in bioql PyPI...
Shiro-721
This is a vulnerability analysis of a repository containing a proof-of-concept PoC exploit for a remote code execution RCE vulnerability in Apache Shiro, a Java-based security framework. The vulnerability is caused by a padding oracle attack, which allows an attacker to construct serialized data...
UBUNTU-CVE-2023-46749
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46750 Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.
URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...
org.apache.camel:camel-shiro (=2.5.0), org.apache.shiro.samples:samples-aspectj (=1.0.0-incubating) +29 more potentially affected by CVE-2022-40664 via org.apache.shiro:shiro-core (=1.0.0-incubating)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-core and may be impacted: - org.apache.camel:camel-shiro =2.5.0 - org.apache.shiro.samples:samples-aspectj...
PT-2022-25462 · Apache +1 · Apache Shiro +1
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.10.0 Description: The issue is related to an authentication bypass vulnerability in Apache Shiro when forwarding or including via RequestDispatcher. Recommendations: For versions prior to 1.10.0, update to...
Security Bulletin: Apache Shiro (Publicly disclosed vulnerability) Affects IBM Partner Engagement Manager (CVE-2022-32532)
Summary IBM Sterling Partner Engagement Manager uses Apache Shiro library 1.9.1, where A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...
maobugs
maobugs 喵喵喵 1.samples-web-1.2.4.war 为 shiro =1.2.4 硬编码漏洞的war包。说实在这个war真的是难打... 2.jdwp-shellifier-master.zip 自己调试的话使用 java -Xdebug -Xrunjdwp:transport=dtsocket,server=y,suspend=n,address=5005 -jar spring-boot-h2-0.0.1-SNAPSHOT.jar 打开jdwp端口 jdwp 端口开启了的话就能被rce ,详情解压文件readme。 这里并不是无条件rce。...