Lateral Movement – Visual Studio DTE

A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development… Continue reading - Lateral Movement - Visual Studio DTE...

Microsoft .NET Denial of Service Vulnerability (CNVD-2024-02713)

Microsoft .NET is a software framework dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A denial of service vulnerability exists in Microsoft .NET, which can be exploited by attackers to cause a denial of service...

CVE-2023-51662 Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List CRL were not...

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

Adobe ColdFusion Input Validation Error Vulnerability (CNVD-2023-91796)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an input validation error vulnerability that can be exploited by an attacker to...

Adobe ColdFusion Code Execution Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. A code execution vulnerability exists in Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and...

CVE-2023-20235

The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...

How to add custom app icon in Android Play Store applications

...

Tackling the OAuth2 Client component model in Spring Security

In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...

Adobe ColdFusion Improper Access Control Vulnerability (CNVD-2023-100305)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a security vulnerability that can be exploited by attackers to bypass security...

Adobe ColdFusion 安全漏洞

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a security vulnerability that can be exploited by attackers to bypass security...

Adobe Coldfusion Access Control Bypass Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An access control bypass vulnerability exists in Adobe Coldfusion, which can be exploited by an attacke...

CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

Guide to Serverless Architecture Design Patterns

Discover the power of serverless architecture design patterns for scalable and efficient application development. Explore EDA, pub-sub, fan-out/fan-in, strangler, and saga patterns. Learn how to select, implement, and optimize them for your needs...

CVE-2023-32072

CVE-2023-32072 affects Tuleap: Community Edition < 14.8.99.60; Enterprise Edition < 14.8-3 and

[SECURITY] Fedora 38 Update: qt5-qtbase-5.15.9-3.fc38

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVE-2023-30619

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute...

CVE-2023-30619 XSS in the tooltip via an artifact title

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute...

Siemens Mendix Forgot Password Module Information Disclosure Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in the Siemens Mendix Forgot Password module. The vulnerability stems from the fact that the...

Adobe ColdFusion XML External Entity Injection Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...