Lucene search
+L

1807 matches found

GithubExploit
GithubExploit
added 2021/11/17 8:33 a.m.284 views

Exploit for Improper Authentication in Apache Shenyu

Apache ShenYu Admin has a vulnerability that allows for authenti...

9.8CVSS7.2AI score0.40058EPSS
Exploits2
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.7 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in the WordPress Simple JWT Login plugin in versions prior to...

8.8CVSS5.7AI score0.00612EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/11/16 12:0 a.m.5 views

Apache ShenYu 授权问题漏洞

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation.An authorization issue vulnerability exists in Apache ShenYu Admin, which stems from a misuse of JWT in ShenuAdminBootstrap allowing an attacker to bypass authentication. No...

9.8CVSS5.6AI score0.40058EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2021/11/16 12:0 a.m.4 views

PT-2021-21721 · Apache · Apache Shenyu

Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.3.0 through 2.4.0 Description: A flaw was found in Apache ShenYu Admin, where the incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. Recommendations: For versions 2.3.0 and 2.4.0...

9.8CVSS9.3AI score0.40058EPSS
Exploits2References19
NVD
NVD
added 2021/09/28 9:15 p.m.30 views

CVE-2021-41106

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

4.4CVSS0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/28 9:15 p.m.3 views

CVE-2021-41106

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

4.4CVSS5.8AI score0.00199EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/09/28 9:15 p.m.18 views

Design/Logic Flaw

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

2.1CVSS4.1AI score0.00199EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/09/28 8:50 p.m.90 views

CVE-2021-41106

The CVE-2021-41106 issue affects the LCobucci JWT library. Before versions 3.4.6, 4.0.4, and 4.1.5, when using HMAC-based algorithms (HS256/384/512) with LocalFileReference as the key, tokens were issued/validated using the file path instead of the file contents. This effectively means the key ma...

4.4CVSS4AI score0.00199EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/09/28 8:50 p.m.36 views

CVE-2021-41106 File reference keys leads to incorrect hashes on HMAC algorithms

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

4.4CVSS5.1AI score0.00199EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.8 views

Jitsi Meet 授权问题漏洞

Jitsi Meet is is a set of open source projects. Enabling users to use and deploy a video conferencing platform with state-of-the-art video quality and features. A vulnerability in authorization issues exists in versions prior to Jitsi Meet 2.0.5963, which stems from the Prosody module allowing th...

7.5CVSS7.5AI score0.01235EPSS
Exploits0References3
PyPA
PyPA
added 2021/09/03 2:15 a.m.9 views

PYSEC-2021-342

A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...

10CVSS7.1AI score0.01702EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2021/09/02 5:59 p.m.27 views

TikTok: Incorrect authorization to the intelbot service leading to ticket information

An authentication bypass and site wide stored XSS cross-site scripting vulnerability was found on TikTok Ads as JWT JSON Web Token was not verified properly. We thank @johnstone for reporting this to our team and confirming its resolution...

1.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/30 12:0 a.m.345 views

Strapi CMS 3.0.0-beta.17.4 Remote Code Execution

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.13 views

Github Geyser授权问题漏洞

Github Geyser is Geyser is the bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition, bridging the gap between those who want to play truly cross-platform. Geyser 1.4.2-SNAPSHOT Previous versions of Geyser 1.4.2-SNAPSHOT had an authorization issue vulnerability that stemmed from...

9.8CVSS8.3AI score0.01431EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.1426 views

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
GithubExploit
GithubExploit
added 2021/08/29 5:57 p.m.165 views

Exploit for OS Command Injection in Strapi

CVE-2019-19609-EXPLOIT Exploit for CVE-2019-19609 in Strapi R...

9CVSS7.3AI score0.54081EPSS
Exploits11
CNNVD
CNNVD
added 2021/08/27 12:0 a.m.7 views

useradm 代码问题漏洞

useradm is a microservice used to manage user data and authentication in the Mender ecosystem. A security vulnerability exists in useradm that stems from service credentials not being invalidated, allowing users to access the system with their JWT token after logging out. The following products a...

7.5CVSS7.3AI score0.01107EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/08/12 6:57 a.m.4 views

dotnet: ASP.NET Core JWT token logging

ASP.NET Core and Visual Studio Information Disclosure Vulnerability...

5.5CVSS5.8AI score0.01121EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/08/12 6:49 a.m.6 views

dotnet: ASP.NET Core JWT token logging

ASP.NET Core and Visual Studio Information Disclosure Vulnerability...

5.5CVSS5.8AI score0.01121EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/08/11 6:47 p.m.3 views

dotnet: ASP.NET Core JWT token logging

ASP.NET Core and Visual Studio Information Disclosure Vulnerability...

5.5CVSS5.8AI score0.01121EPSS
Exploits0References6
Rows per page
Query Builder