1807 matches found
Exploit for Improper Authentication in Apache Shenyu
Apache ShenYu Admin has a vulnerability that allows for authenti...
WordPress 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in the WordPress Simple JWT Login plugin in versions prior to...
Apache ShenYu 授权问题漏洞
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation.An authorization issue vulnerability exists in Apache ShenYu Admin, which stems from a misuse of JWT in ShenuAdminBootstrap allowing an attacker to bypass authentication. No...
PT-2021-21721 · Apache · Apache Shenyu
Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.3.0 through 2.4.0 Description: A flaw was found in Apache ShenYu Admin, where the incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. Recommendations: For versions 2.3.0 and 2.4.0...
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
Design/Logic Flaw
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
CVE-2021-41106
The CVE-2021-41106 issue affects the LCobucci JWT library. Before versions 3.4.6, 4.0.4, and 4.1.5, when using HMAC-based algorithms (HS256/384/512) with LocalFileReference as the key, tokens were issued/validated using the file path instead of the file contents. This effectively means the key ma...
CVE-2021-41106 File reference keys leads to incorrect hashes on HMAC algorithms
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
Jitsi Meet 授权问题漏洞
Jitsi Meet is is a set of open source projects. Enabling users to use and deploy a video conferencing platform with state-of-the-art video quality and features. A vulnerability in authorization issues exists in versions prior to Jitsi Meet 2.0.5963, which stems from the Prosody module allowing th...
PYSEC-2021-342
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...
TikTok: Incorrect authorization to the intelbot service leading to ticket information
An authentication bypass and site wide stored XSS cross-site scripting vulnerability was found on TikTok Ads as JWT JSON Web Token was not verified properly. We thank @johnstone for reporting this to our team and confirming its resolution...
Strapi CMS 3.0.0-beta.17.4 Remote Code Execution
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...
Github Geyser授权问题漏洞
Github Geyser is Geyser is the bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition, bridging the gap between those who want to play truly cross-platform. Geyser 1.4.2-SNAPSHOT Previous versions of Geyser 1.4.2-SNAPSHOT had an authorization issue vulnerability that stemmed from...
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...
Exploit for OS Command Injection in Strapi
CVE-2019-19609-EXPLOIT Exploit for CVE-2019-19609 in Strapi R...
useradm 代码问题漏洞
useradm is a microservice used to manage user data and authentication in the Mender ecosystem. A security vulnerability exists in useradm that stems from service credentials not being invalidated, allowing users to access the system with their JWT token after logging out. The following products a...
dotnet: ASP.NET Core JWT token logging
ASP.NET Core and Visual Studio Information Disclosure Vulnerability...
dotnet: ASP.NET Core JWT token logging
ASP.NET Core and Visual Studio Information Disclosure Vulnerability...
dotnet: ASP.NET Core JWT token logging
ASP.NET Core and Visual Studio Information Disclosure Vulnerability...