Adobe Experience Manager (AEM) QueryBuilder Feed Servlet Detected

This plugin detects the presence of the Adobe Experience Manager AEM QueryBuilder Feed Servlet on a web application. The QueryBuilder Feed Servlet is part of AEM's QueryBuilder API, which allows developers to construct and execute queries against the AEM repository to retrieve content based on...

Adobe Experience Manager (AEM) QueryBuilder JCR Hashed Password Disclosure

The remote Adobe Experience Manager AEM QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the hashed passwords of users in the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servle...

Adobe Experience Manager (AEM) Dispatcher Bypass

The remote Adobe Experience Manager AEM is affected by a dispatcher misconfiguration that allows for security filter bypass. By sending a specially crafted request, an unauthenticated, remote attacker can access internal endpoints, such as the QueryBuilder JSON API. A successful exploit could lea...

MAL-2022-4051 Malicious code in jquery-querybuilder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57bfd8522bd1fa5221cea1ce468e61ef81bfcdcb45d394c11ad4adf9c05c270e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in jquery-querybuilder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57bfd8522bd1fa5221cea1ce468e61ef81bfcdcb45d394c11ad4adf9c05c270e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Quick wins with Adobe Experience Manager

Introduction Adobe Experience Manager AEM, is a comprehensive content management solution for building websites, mobile apps and forms. And it makes it easy to manage your marketing content and assets. If you've ever looked into AEM you may have heard of Mikhail Egorov @0ang3el. He has done some...

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released...

OSF for Drupal - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-014

This module enables administrators to use a user interface to create complex semantic queries that can be saved to be used in different locations of a Drupal instance that uses OSF. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Securi...

phpwind 8.7 querybuilder.class.php sql注入

No description provided by source...