Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0376

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.01177EPSS
Exploits0References2
Gitee
Gitee
added 2024/05/08 3:51 p.m.147 views

Shiro-721

This is a vulnerability analysis of a repository containing a proof-of-concept PoC exploit for a remote code execution RCE vulnerability in Apache Shiro, a Java-based security framework. The vulnerability is caused by a padding oracle attack, which allows an attacker to construct serialized data...

8AI score
Exploits0
OSV
OSV
added 2024/01/15 10:15 a.m.4 views

UBUNTU-CVE-2023-46749

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.5CVSS7AI score0.01177EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/12/14 8:15 a.m.8 views

CVE-2023-46750 Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.7AI score0.01496EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/10/12 12:0 p.m.6 views

org.apache.camel:camel-shiro (=2.5.0), org.apache.shiro.samples:samples-aspectj (=1.0.0-incubating) +29 more potentially affected by CVE-2022-40664 via org.apache.shiro:shiro-core (=1.0.0-incubating)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-core and may be impacted: - org.apache.camel:camel-shiro =2.5.0 - org.apache.shiro.samples:samples-aspectj...

9.8CVSS7.2AI score0.0221EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/12 12:0 a.m.1 views

PT-2022-25462 · Apache +1 · Apache Shiro +1

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.10.0 Description: The issue is related to an authentication bypass vulnerability in Apache Shiro when forwarding or including via RequestDispatcher. Recommendations: For versions prior to 1.10.0, update to...

9.8CVSS9.4AI score0.0221EPSS
Exploits0References22
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 7:1 p.m.38 views

Security Bulletin: Apache Shiro (Publicly disclosed vulnerability) Affects IBM Partner Engagement Manager (CVE-2022-32532)

Summary IBM Sterling Partner Engagement Manager uses Apache Shiro library 1.9.1, where A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8CVSS9.3AI score0.25431EPSS
Exploits0Affected Software1
Gitee
Gitee
added 2020/09/28 2:31 p.m.5 views

maobugs

maobugs 喵喵喵 1.samples-web-1.2.4.war 为 shiro =1.2.4 硬编码漏洞的war包。说实在这个war真的是难打... 2.jdwp-shellifier-master.zip 自己调试的话使用 java -Xdebug -Xrunjdwp:transport=dtsocket,server=y,suspend=n,address=5005 -jar spring-boot-h2-0.0.1-SNAPSHOT.jar 打开jdwp端口 jdwp 端口开启了的话就能被rce ,详情解压文件readme。 这里并不是无条件rce。...

7.1AI score
Exploits0
Rows per page
Query Builder