Matthias Van Woensel qcubed Cross-Site Scripting Vulnerability
Matthias Van Woensel qcubed is an application by Matthias Van Woensel. It provides a PHP model-view-controller framework for rapid application development. A cross-site scripting vulnerability exists in qcubed all versions including 3.1.1 that could allow an unauthenticated attacker to steal...
Design/Logic Flaw
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create unlimited...
vapor Resource Management Error Vulnerability
vapor is a Swift web development framework for individual developers. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. Vapor versions prior to 4.40.1 have a security vulnerability that can be exploited by attackers to launch DoS attacks...
CVE-2020-35217
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...
Jetbrains JetBrains Ktor framework Cryptographic Issue Vulnerability
JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor before 1.5.0, which stems from the fact that a birthday attack on SessionStorage keys is possible. No details of the vulnerability are provided at...
Cross site request forgery (csrf)
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...
CVE-2020-35217
CVE-2020-35217 affects Vert.x-Web framework version 4.0 milestone 1–4. The vulnerability arises from CSRF verification that compares the CSRF token in the cookie against a token stored in the session instead of comparing the token in the request with the cookie. As a result, cookies are automatic...
Gin-Gonic Gin Environmental Vulnerabilities
Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in all versions of github.com/gin-gonic/gin, which stems from the ability to spoof a client's IP by setting the X-Forwarded-For header...
Tornado Environment Issue Vulnerability
Tornado is a Python web framework and asynchronous networking library from the Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it ideal for long-time polling, WebSockets, and other applications that require long-term...
Microsoft ASP.NET Core and Visual Studio Security Vulnerabilities
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core and Visua...
[SECURITY] Fedora 32 Update: golang-gopkg-macaron-1-1.4.0-1.fc32
Package Macaron is a high productive and modular web framework in Go...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in websites and applications using a list of predefined POC Proof of...
The vulnerability of the Twisted Web network framework’s component, allowing a hacker to cause a service failure
The vulnerability of the Twisted Web network framework’s component involves insufficient validation of input data during the processing of HTTP headers. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Apache Struts Code Injection Vulnerability
Apache Struts is an open source project maintained by the Apache Software Foundation in the United States. It is an open source MVC framework for creating enterprise-class Java web applications, and mainly provides two versions of the framework, Struts 1 and Struts 2. ...
PT-2022-19326
Name of the Vulnerable Software and Affected Versions: Spip Web Framework versions v3.1.13 and earlier. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the /spip.php component of Spip Web Framework. This allows attackers to execute arbitrary web scripts or HTML...
PYSEC-2020-157
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL...
JetBrains Ktor framework Environment Issue Vulnerability
JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor versions prior to 1.4.1, which stems from the fact that HTTP request entrapment attacks are possible. No vulnerability details are provided at this time...
Code Execution Vulnerability in Zibo's New X1.0 System
Zibo's new X1.0 system is a website management system based on the latest thinkphp5 framework. A code execution vulnerability exists in Qibo New X1.0 System. An attacker can exploit this vulnerability to gain server privileges...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...