Insufficient Verification Of Data Authenticity
swag/paypal is vulnerable to Insufficient Verification Of Data Authenticity. When the JavaScript-based PayPal checkout methods PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card are used the amount and item list sent to PayPal may not be identical to the one in the created...
Default account creation on all installation methods
Description The credentials of the administrator user for the console installation are set by default. Additionally, in both the console installation and the GUI installation, a janedoe account is created with default credentials...
The vulnerability of the libssh2 library, which implements Git methods in C using Libgit2, allows an attacker to perform a type of “man-in-the-middle” attack.
The vulnerability of the libssh2 library, which implements Git methods in C using Libgit2, is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...
CVE-2023-23941
SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...
CVE-2023-23941 SwagPayPal payment not sent to PayPal correctly
SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...
The 2022 State of Spring Survey Report
Hi, Spring fans! You're awesome! I know you're awesome. You know you're awesome. And the Spring team works for you. We like working for you because you dream awesome dreams and build awesome things. And we can't work effectively with and for you if we don't know where everyone stands. Every year ...
[M-04] Balance manipulation when contract is paused
Lines of code Vulnerability details Impact State-changing methods missing the whenNotPaused modifier are a security hole. Even when the contract is paused, the increaseTotalBalance and decreaseTotalBalance methods can be called internally. Therefore, medium severity matches. Proof of Concept function...
GHSA-MRQX-MJC4-VFH3 wallabag subject to Improper Authorization via annotations
Impact The annotations feature lets users add annotations on highlighted parts of an entry. The controller does not validate authorization on PUT and DELETE requests, which lets a logged-in user modify or delete any annotation using its ID on the endpoint example.org/annotations/id. These...
CVE-2023-22422
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when an HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to...
CVE-2023-22422 HTTP profile vulnerability
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when an HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to...
K43881487: HTTP profile vulnerability CVE-2023-22422
Security Advisory Description When an HTTP profile with the non-default Enforcement options Enforce RFC Compliance and Unknown Methods: Reject is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2023-22422 Impact Traffic is...
F5 BIG-IP security vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 HTTP profiles, when a non-default HTTP profile is configured on a virtual serv...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. When HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, untrusted code may be executed. The highest threat from this vulnerability is to data confidentiality and integrity...
[SECURITY] Fedora 36 Update: libgit2-1.3.2-1.fc36
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
CVE-2015-2309
Unsafe methods in the Request class...
CVE-2021-39217 OpenMage LTS arbitrary command execution in custom layout update through blocks
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue...
Fix for arbitrary command execution in custom layout update through blocks
Impact Custom Layout enabled admin users to execute arbitrary commands via block methods...
GHSA-C9Q3-R4RV-MJM7 Fix for arbitrary command execution in custom layout update through blocks
Impact Custom Layout enabled admin users to execute arbitrary commands via block methods...
Design/Logic Flaw
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
The Definitive Browser Security Checklist
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it ...