OSV
added 2024/11/18 6:30 a.m., 26 views

GHSA-W3C8-7R8F-9JP8 Spring MVC controller vulnerable to a DoS attack

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...

CVSS 5.3, AI score 5, EPSS 0.00729
Exploits 0, References 4

OpenVAS
added 2024/11/18 12:00 a.m., 18 views

VMware Spring Framework < 5.3.42 DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from the referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3, AI score 6.4, EPSS 0.00729
Exploits 0, References 2

Positive Technologies
added 2024/11/17 12:00 a.m., 3 views

PT-2024-28235 · Unknown +1 · Spring Mvc +1

Name of the Vulnerable Software and Affected Versions: Spring MVC (affected versions not specified). Description: The issue concerns Spring MVC controller methods that use an @RequestBody byte[] method parameter, making them susceptible to denial of service (DoS) attacks. Recommendations: At the...

CVSS 5.3, AI score 7.7, EPSS 0.00729
Exploits 0, References 17

BDU FSTEC
added 2024/11/13 12:00 a.m., 2 views

The vulnerability of the Orchid Platform, related to the use of dangerous methods or functions, allows a hacker to obtain the server's IP address.

The vulnerability of the Orchid Platform is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain the server's IP address through a brute-force attack...

CVSS 4.1, AI score 5.4, EPSS 0.00322
Exploits 0, References 4, Affected Software 1

Snyk
added 2024/11/11 7:40 p.m., 2 views

Exposed Dangerous Method or Function

Overview: orchid/platform is a platform for back-office applications, admin panels, or a CMS for your Laravel app. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the asynchronous modal functionality via the Screen class. An attacker can call arbitrary methods...

CVSS 5.1, AI score 6.9, EPSS 0.00322
Exploits 0, References 2

Cvelist
added 2024/11/11 7:17 p.m., 32 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform's asynchronous modal functionality, affecti...

CVSS 4.1, EPSS 0.00322
Exploits 0, References 1

Cvelist
added 2024/11/11 12:15 p.m., 17 views

CVE-2024-43430 Moodle: lack of access control when using external methods for quiz overrides

A flaw was found in Moodle. External API access to quiz overrides contained insufficient access control...

CVSS 5.3, EPSS 0.00318
Exploits 0, References 2

Rockylinux
added 2024/11/08 3:56 p.m., 8 views

go-toolset:rhel8 security update

An update is available for module.go-toolset, go-toolset, delve, golang, module.golang, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset...

CVSS 9.8, AI score 7.2, EPSS 0.01952
Exploits 0

Hacker One
added 2024/11/07 5:12 p.m., 4 views

Mars: unauthorized access to add users and change the personal information of all users

The report describes a vulnerability in the ██████████ website, where unauthorized access to an API endpoint allowed attackers to add new users and modify the personal information of existing users. The vulnerability was classified as Improper Access Control. The issue stemmed from the absence of...

AI score 7
Exploits 0

Positive Technologies
added 2024/11/06 12:00 a.m., 4 views

PT-2024-36: Calling arbitrary methods in Orchid Platform

The vulnerability was identified in Orchid Platform versions 8 - 14.42.x. The discovered vulnerability can be exploited by an attacker to call arbitrary methods in the Screen class, which could lead to the ability to brute-force database tables and disclose the server's IP address. Vulnerability...

CVSS 5.1, AI score 4.5, EPSS 0.00322
Exploits 0, References 1

Akamai Blog
added 2024/11/01 7:00 a.m., 8 views

How Ransomware Is Delivered and How to Prevent Attacks

...

AI score 7.3
Exploits 0

BDU FSTEC
added 2024/10/31 12:00 a.m., 2 views

The vulnerability of MXSecurity, the software platform for managing security in industrial networks, arises from the use of dangerous methods or functions, allowing attackers to escalate their privileges.

The vulnerability of the MXSecurity software platform for managing security in industrial networks is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.8, AI score 5.5, EPSS 0.00345
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2024/10/29 12:00 a.m., 2 views

PT-2024-40897 · Unknown · Langchainjs

Name of the Vulnerable Software and Affected Versions: langchainjs version 0.2.5. Description: A path traversal issue exists, allowing attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. This is exploited through the setFileContent,...

CVSS 9.1, AI score 7.1
Exploits 0, References 3

Redos
added 2024/10/28 12:00 a.m., 9 views

ROS-20241028-02

The vulnerability of the net/netip component of the Go programming language is related to the incorrect operation of the Is* methods (IsPrivate, IsLoopback, etc.). Exploitation of the vulnerability can allow an intruder to bypass the existing access restriction policy...

CVSS 9.8, AI score 7.2, EPSS 0.01952
Exploits 0

Spring Security Advisories
added 2024/10/22 12:00 a.m., 21 views

This Week in Spring - October 22nd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...

CVSS 7.5, AI score 6.8, EPSS 0.54862
Exploits 7

OSV
added 2024/10/21 9:15 p.m., 4 views

CVE-2024-40084

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths...

CVSS 9.6, AI score 6.1, EPSS 0.00738
Exploits 1, References 2

Huntr
added 2024/10/21 5:34 p.m., 3 views

SSRF via POST /v1/llm/add_llm and /v1/conversation/tts

This report is not public...

CVSS 7.5, AI score 7.1, EPSS 0.00567
Exploits 1

Cvelist
added 2024/10/21 12:00 a.m., 20 views

CVE-2024-40084

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths...

EPSS 0.00738
Exploits 1, References 2

CVE
added 2024/10/21 12:00 a.m., 51 views

CVE-2024-40084

CVE-2024-40084 describes a remote, unauthenticated buffer overflow in the Boa webserver used by the Vilo 5 Mesh WiFi System (versions

CVSS 9.6, AI score 8.1, EPSS 0.00738
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2024/10/21 12:00 a.m., 13 views

CVE-2024-40084

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths...

AI score 8, EPSS 0.00738
Exploits 1, References 2