168 matches found
Lucee Remote Code Execution Vulnerability
Lucee Server is a dynamic, Java-based markup and scripting language used for rapid web application development. Lucee suffers from a remote code execution vulnerability that can be exploited to execute system commands by accepting the name of a cookie as one of its parameters and passin...
CVE-2024-27083
CVE-2024-27083 affects Flask-AppBuilder. An XSS on the OAuth login page was introduced in 4.1.4 and fixed in 4.2.1. Impact is on the OAuth login flow where crafted URLs can execute JavaScript in the user’s browser. Affected versions: 4.1.4 through 4.2.0; remediation: upgrade to 4.2.1 or newer. Ex...
CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page. This URL could inject and execute...
[SECURITY] Fedora 39 Update: qt5-qtbase-5.15.12-5.fc39
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...
This Week in Spring - February 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's Day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available. In the latest...
Lateral Movement – Visual Studio DTE
A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development…
Microsoft .NET Denial of Service Vulnerability (CNVD-2024-02713)
Microsoft .NET is a software framework dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A denial of service vulnerability exists in Microsoft .NET, which can be exploited by attackers to cause a denial of service...
CVE-2023-51662 Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not...
Adobe ColdFusion Code Execution Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. A code execution vulnerability exists in Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and...
Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. A cross-site scripting vulnerability exists in Adobe ColdFusion; the vulnerability stems from the lack of effective...
Adobe ColdFusion Input Validation Error Vulnerability (CNVD-2023-91796)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an input validation error vulnerability that can be exploited by an attacker to...
CVE-2023-20235
The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...
How to add custom app icon in Android Play Store applications
...
Tackling the OAuth2 Client component model in Spring Security
In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...
Adobe ColdFusion Improper Access Control Vulnerability (CNVD-2023-100305)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a security vulnerability that can be exploited by attackers to bypass security...
Adobe ColdFusion Security Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a security vulnerability that can be exploited by attackers to bypass security...
Adobe ColdFusion Access Control Bypass Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. An access control bypass vulnerability exists in Adobe ColdFusion, which can be exploited by an attacke...
CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add, edit User forms, trigger a database error; this error is surfaced back to this actor on t...
Guide to Serverless Architecture Design Patterns
Discover the power of serverless architecture design patterns for scalable and efficient application development. Explore EDA, pub-sub, fan-out/fan-in, strangler, and saga patterns. Learn how to select, implement, and optimize them for your needs...