Lucene search

13 matches found

CNNVD
added 2025/03/21 12:0 a.m., 1 view

parse-server Authorization Issue Vulnerability

parse-server is a Node.js/Express parse server open-sourced by Parse Platform. An authorization issue vulnerability exists in parse-server versions prior to 7.5.2 and prior to 8.0.2, which stems from mishandling of third-party authentication and could result in authentication credentials being...

CVSS 6.9, AI score 6.6, EPSS 0.00195
Exploits: 0, References: 7
UbuntuCve
added 2025/03/14 12:0 a.m., 10 views

CVE-2024-8176

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

CVSS 7.5, AI score 7, EPSS 0.00803
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/03 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2010-3776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before...

CVSS 9.3, AI score 7.5, EPSS 0.03853
Exploits: 0, References: 2
CNNVD
added 2023/09/05 12:0 a.m., 1 view

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a privilege control vulnerability in the audio module. Successful exploitation of this...

CVSS 5.3, AI score 6.8, EPSS 0.00117
Exploits: 0, References: 5
0day.today
added 2022/02/07 12:0 a.m., 258 views

Hospital Management System 4.0 SQL Injection Vulnerability

Hospital Management System version 4.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Metin Yunus Kandemir in January of 2020. Title: Hospital Management System v4.0 Multiple SQL-Injections Author: nu11secur1ty...

CVSS 9.8, AI score 0.5, EPSS 0.04944
Exploits: 4
The Hacker News
added 2020/10/05 2:23 p.m., 1 view

Secure Your SaaS Apps With Security Posture Management Platform

As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. SaaS and cloud-based technologies are growing rapidly, offering organizations convenience and constant feature refreshes without the need to install and deploy software...

AI score 5.9
Exploits: 0
securityvulns
added 2013/10/03 12:0 a.m., 48 views

polkit authorization bypass in multiple application

Invalid Policy Kit authorization usage...

CVSS 6.9, AI score 2.2, EPSS 0.00065
Exploits: 0, References: 2, Affected Software: 2
Zero Day Initiative
added 2011/06/29 12:0 a.m., 47 views

Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The fla...

CVSS 7.5, AI score 4.9, EPSS 0.04475
Exploits: 2, References: 1
exploitpack
added 2010/10/28 12:0 a.m., 30 views

Platinum SDK Library - POST UPnP sscanf Buffer Overflow (PoC)

Platinum SDK Library - POST UPnP sscanf Buffer Overflow PoC / -POC CODE Remote Buffer Overflow - ! Exploit Title: Platinum SDK library post upnp sscanf buffer overflow !...

AI score 0.1
Exploits: 0
securityvulns
added 2008/05/29 12:0 a.m., 29 views

Cisco multiple applications code execution

CiscoWorks Common Services code execution...

CVSS 9.3, AI score 2.9, EPSS 0.04633
Exploits: 0, References: 1, Affected Software: 6
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 2 views

Kahua vulnerable in allowing to share login sessions

Overview: Kahua is an open source application development and runtime environment server. Kahua contains a vulnerability which allows the sharing of sessions among multiple applications which are referring to different user databases. Impact: A remote attacker could possibly take over the user...

CVSS 7.5, AI score 6.9, EPSS 0.01414
Exploits: 0, References: 7
NVD
added 2006/11/16 12:7 a.m., 8 views

CVE-2006-5932

Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to...

CVSS 7.5, AI score 6.2, EPSS 0.01414
Exploits: 0, References: 6
Japan Vulnerability Notes
added 2006/11/10 12:0 a.m., 12 views

JVN#34522909 Kahua vulnerable in allowing to share login sessions

Impact: A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If multiple Kahua applications refer to different user databases, a user could log into multiple applications, which results in a login session being shared...

AI score 7.3
Exploits: 0