Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
CVE-2021-2463
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
PT-2021-5345
Name of the Vulnerable Software and Affected Versions: ForgeRock Access Management AM Core Server versions prior to 7.0; ForgeRock OpenAM version 14.6.3 and earlier. Description: The issue is related to a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. This...
Django path traversal vulnerability (CNVD-2022-31940)
Django is the Django Software Foundation's open source web application framework written in Python. The framework includes an object-relational mapper, a view system, a template system, etc. Django has a path traversal vulnerability that stems from the fact that a user can use the:...
LivingLogic XIST4C Cross-Site Scripting Vulnerability (CNVD-2021-39967)
XIST4C is a content management system, shopping cart software and web application framework from LivingLogic. A cross-site scripting vulnerability exists in LivingLogic XIST4C versions prior to 0.107.8. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via...
LivingLogic XIST4C cross-site scripting vulnerability
XIST4C is a content management system, shopping cart software and web application framework from LivingLogic. A cross-site scripting vulnerability exists in LivingLogic XIST4C versions prior to 0.107.8. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via...
A vulnerability in the Application Framework component of the Cisco IOx software platform allows an attacker to cause a denial of service.
The vulnerability in the Application Framework component of the Cisco IOx software platform is caused by uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Bitweaver cross-site scripting vulnerability (CNVD-2021-22574)
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/myimages.php URI...
CVE-2021-1460
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers Industrial ISRs, Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of...
CVE-2021-1460 Cisco IOx Application Framework Denial of Service Vulnerability
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers Industrial ISRs, Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of...
CVE-2021-1460
The CVE-2021-1460 issue affects the Cisco IOx Application Framework running on Cisco 809/829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway. The root cause is insufficient error handling during packet processing in the IOx web server, which could be tr...
Cisco multiple devices resource management error vulnerability
Cisco IOx is Cisco's application environment that combines Cisco IOS and a Linux OS to provide secure network connectivity and a secure development environment for IoT applications. The Cisco IOx Application Framework on the Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829...
Debian DLA-2564-1 : php-horde-text-filter security update
Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail. CVE-2021-26929 An XSS issue was discovered in Horde Groupware Webmail Edition...
Unspecified vulnerability in JetBrains Ktor framework
JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor before 1.5.0, which stems from the fact that a birthday attack on SessionStorage keys is possible. No details of the vulnerability are provided at...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
Design/Logic Flaw
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
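The two CVE-2021-21263 entries above describe the mechanism only in general terms: an array arriving where a scalar is expected (in PHP, `email[]=a&email[]=b` in a query string is parsed into an array) adds more positional bindings than the query has placeholders, so every later placeholder is bound to the wrong value. The following is an added illustration written for this page; it is not Laravel or illuminate/database code. `ToyBuilder`, the `users` table, its rows and the request inputs are all constructed for the example, and the "strictly positional driver" view is a modelling assumption used to make the shift visible.

```python
"""Added illustration of the query-binding issue described in CVE-2021-21263.
Not Laravel/illuminate code: ToyBuilder is a constructed stand-in for a
positional-placeholder query builder, and the users table, rows and
request inputs are made up for this example."""
import sqlite3
from typing import Any, Dict, List, Tuple


class ToyBuilder:
    """Collects `column = ?` clauses and a flat list of positional bindings.

    flatten_arrays=True models the flawed behaviour: an array value still
    produces a single '?' but every element is appended to the bindings,
    so all later placeholders receive shifted values.
    flatten_arrays=False models the mitigation the advisory recommends:
    reject (or cast) input that is not the expected scalar type before it
    reaches the query builder."""

    def __init__(self, flatten_arrays: bool) -> None:
        self.flatten_arrays = flatten_arrays
        self.wheres: List[str] = []
        self.bindings: List[Any] = []

    def where(self, column: str, value: Any) -> "ToyBuilder":
        self.wheres.append(f"{column} = ?")
        if isinstance(value, (list, tuple, dict)):
            if not self.flatten_arrays:
                raise TypeError(f"{column}: expected scalar, got {type(value).__name__}")
            vals = list(value.values()) if isinstance(value, dict) else list(value)
            self.bindings.extend(vals)  # flaw: one placeholder, N bindings
        else:
            self.bindings.append(value)
        return self

    def to_sql(self) -> Tuple[str, List[Any]]:
        return ("SELECT id, email, is_admin FROM users WHERE "
                + " AND ".join(self.wheres), list(self.bindings))


def build_plan(request_input: Dict[str, Any], flatten_arrays: bool) -> Tuple[str, List[Any]]:
    """Hypothetical application query: find a non-admin account by e-mail.
    request_input["email"] is taken straight from the request, with no check
    that it is a string, which is the situation the advisory describes."""
    b = ToyBuilder(flatten_arrays)
    b.where("email", request_input.get("email")).where("is_admin", 0)
    return b.to_sql()


def positional_view(sql: str, bindings: List[Any]) -> List[Tuple[str, Any]]:
    """Pair each clause with the binding a strictly positional driver would
    give it (assumption for illustration): the shift moves the attacker's
    second array element into the is_admin placeholder."""
    clauses = sql.split(" WHERE ")[1].split(" AND ")
    return list(zip(clauses, bindings[:sql.count("?")]))


def run_against_sqlite(sql: str, bindings: List[Any]) -> Any:
    """Execute the plan against a constructed in-memory users table. sqlite
    refuses a placeholder/binding count mismatch; the function returns the
    rows, or the exception class name when the driver rejects the query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice@example.com", 1), (2, "bob@example.com", 0)])
    try:
        return conn.execute(sql, bindings).fetchall()
    except sqlite3.ProgrammingError as exc:
        return type(exc).__name__
    finally:
        conn.close()


def hardened_rejects(request_input: Dict[str, Any]) -> bool:
    """True when the type-checking builder refuses the request input."""
    try:
        build_plan(request_input, flatten_arrays=False)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    honest = {"email": "bob@example.com"}
    crafted = {"email": ["bob@example.com", 1]}  # email[]=bob@example.com&email[]=1
    sql, b = build_plan(honest, flatten_arrays=True)
    print(sql, b, run_against_sqlite(sql, b))
    sql, b = build_plan(crafted, flatten_arrays=True)
    print(sql, b)
    print(positional_view(sql, b))      # is_admin placeholder now bound to 1
    print(run_against_sqlite(sql, b))   # sqlite: ProgrammingError (count mismatch)
    print(hardened_rejects(crafted))    # True
```

What to take from it: the SQL text is unchanged by the crafted input (still two `?`), so the problem is invisible to anyone inspecting only the query string; the damage is in the binding list. With sqlite the mismatch surfaces as an error (the "no results" outcome the advisory mentions); the `positional_view` function shows why a more lenient binding path would instead evaluate `is_admin = 1`. The fix in application code is the one the advisory gives: validate or cast request fields to their expected scalar type before they reach the builder, as the `flatten_arrays=False` path does.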
Apache Tapestry code issue vulnerability
Apache Tapestry is a web application framework written in Java from the Apache Software Foundation. A deserialization vulnerability exists in Apache Tapestry version 4, which originates from an attempt to deserialize the "sp" parameter before calling the page's...
CVE-2020-6367
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end user's browser has no way to know that t...
CVE-2020-6367
CVE-2020-6367 — Affected software and impact: SAP NetWeaver Composite Application Framework (CAF) across versions 7.20, 7.30, 7.31, 7.40, and 7.50 suffers a reflected cross-site scripting (XSS) vulnerability. An unauthenticated attacker can trick an authenticated user into clicking a malicious li...