57 matches found
CVE-2024-40502
SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btnloginbClick function of the Loginpage.aspx...
Malicious code in Be.Vlaanԁeren.Basisregisters.AspNetCore.Mvс.Formatters.Csv (NuGet)
--- -= Per source details. Do not edit below this line.=-...
GHSA-R4Q3-7G4Q-X89M Spring Framework server Web DoS Vulnerability
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
GHSA-V94H-HVHG-MF9H Spring Framework vulnerable to denial of service
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...
PT-2023-23722 · Umbraco · Umbracoidentityextensions
Name of the Vulnerable Software and Affected Versions: UmbracoIdentityExtensions versions affected versions not specified Description: The issue concerns the UmbracoIdentityExtensions package, which is an Umbraco add-on for ASP.Net Identity integration. In affected versions, client secrets are no...
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules...
Spring Framework 资源管理错误漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that stems from a possible Denial of Service DoS attack if Spring MVC is used wi...
CVE-2023-22729
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link...
Design/Logic Flaw
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link...
Design/Logic Flaw
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...
CVE-2023-22729 Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link...
CVE-2023-22728
CVE-2023-22728 affects Silverstripe Framework specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...
spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
GHSA-36P3-WJMG-H94X Remote Code Execution in Spring Framework
Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...
Rails Unsafe Reflection
Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller MVC architectural pattern. Ruby On Rails provides a method called constantize which allows developers to dynamically find a constant by using a string. The most common usage of this method is to...
Revenera FlexNet Code Insight 授权问题漏洞
Revenera FlexNet Code Insight is a single integrated solution for open source license compliance and security from Revenera, Germany. An authorization issue vulnerability exists in Code Insight because the product does not effectively handle Spring MVC responses, which can be exploited to cause a...
Rails Mass Assignment
Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller MVC architectural pattern. A mass assignment vulnerability occurs when an application automatically performs the mapping between a request parameters and a model attributes. This vulnerability c...