BIT-CODEIGNITER-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
BIT-CODEIGNITER-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...
BIT-CODEIGNITER-2023-46240
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...
CVE-2023-5457
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...
CVE-2023-5457
CVE-2023-5457 is a CWE-1269 issue in the Django-based application where debug=True in Django causes exposure of sensitive information. It affects AiLux imx6 bundle prior to version imx6_1.0.7-2. Root cause: non-release configuration leaking data. Impact: confidentiality, integrity, and availabili...
CVE-2024-25124
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
Design/Logic Flaw
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2024-25124 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2024-25124
CVE-2024-25124 affects the Go web framework Fiber. Before v2.52.1, the CORS middleware allowed configuring Access-Control-Allow-Origin to a wildcard "*" while Access-Control-Allow-Credentials was true, violating security best practices and enabling potential exposure of sensitive data to cross-si...
Vulnerability in a component of the twisted.web network framework that allows an attacker to compromise the integrity of protected information.
The vulnerability in a component of the twisted.web network framework is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to compromise the integrity of protected information through multiple HTTP requests...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-28346 A flaw was found in the Django package, which l...
Jester Security Vulnerabilities
Jester is a web framework by Dominik Picheta, an individual developer in the UK. A security vulnerability exists in Jester v.0.6.0 and earlier versions that could allow a remote attacker to execute arbitrary code via a crafted request...
CVE-2024-0552
Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...
CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution
Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...
CVE-2024-0552
CVE-2024-0552 relates to a remote code execution vulnerability in Intumit inc. SmartRobot’s web framework. The most concrete details across the provided documents indicate that the issue lies in the framework’s handling in a way that allows an unauthenticated attacker to execute arbitrary command...
Intumit SmartRobot Security Vulnerability
Intumit SmartRobot is a web development framework from Intumit. A security vulnerability exists in Intumit SmartRobot v6.0.0-202012tw and earlier versions that stems from a remote code execution vulnerability in SmartRobot's web framework. An attacker can exploit the vulnerability to execute...
PT-2024-15652 · Intuit · Smartrobot
Name of the Vulnerable Software and Affected Versions: Intumit inc. SmartRobot affected versions not specified Description: The issue is related to a remote code execution vulnerability in the web framework of Intumit inc. SmartRobot. This allows an unauthorized remote attacker to execute arbitra...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
Cross site scripting
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...