731 matches found

Cvelist
added 2024/10/10 3:49 p.m. · 28 views

CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

9.2 CVSS · 0.01949 EPSS
Exploits 1 · References 4

CVE
added 2024/10/10 3:49 p.m. · 62 views

CVE-2023-25581

The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...

9.2 CVSS · 7.3 AI score · 0.01949 EPSS
Exploits 1 · References 4

CVE
added 2024/08/19 2:44 p.m. · 50 views

CVE-2024-43399

MobSF (Mobile Security Framework) prior to version 4.0.7 contains a Zip Slip vulnerability in the Static Libraries analysis when extracting .a files. The mitigation (decoding and string replacement) is bypassable (e.g., using sequences like ....//....//....//), allowing extraction to arbitrary se...

9.8 CVSS · 7.6 AI score · 0.00902 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/08/19 2:44 p.m. · 21 views

CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...

8 CVSS · 7.6 AI score · 0.00902 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/08/19 12:00 a.m. · 4 views

PT-2024-30558 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.0.7 Description: The issue is related to a flaw in the Static Libraries analysis section of MobSF, specifically during the extraction of .a extension files. The measure intended to prevent Z...

9.8 CVSS · 7.9 AI score · 0.00902 EPSS
Exploits 1 · References 24

CNNVD
added 2024/08/19 12:00 a.m. · 5 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

9.8 CVSS · 6.4 AI score · 0.00902 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2024/08/19 12:00 a.m. · 5 views

The vulnerability of the Mobile Security Framework (MobSF), which involves redirecting URLs to unreliable websites, allows attackers to carry out phishing attacks using specially created malicious links.

The vulnerability of the Mobile Security Framework MobSF for mobile application security research involves redirecting URLs to unreliable websites. Exploiting this vulnerability allows attackers to carry out phishing attacks using specially created malicious links...

6.8 CVSS · 5.4 AI score · 0.00924 EPSS
Exploits 1 · References 3 · Affected Software 1

Veracode
added 2024/08/01 8:10 p.m. · 8 views

Open Redirection

Mobile Security Framework MobSF is vulnerable to Open Redirection. The vulnerability is due to URL redirection to Untrusted Site through the authentication view by manipulating the redirect URL after a successful login...

5.4 CVSS · 6.8 AI score · 0.00924 EPSS
Exploits 1 · References 3 · Affected Software 1

NVD
added 2024/07/31 8:15 p.m. · 22 views

CVE-2024-41955

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in MobSF authentication view. Update to MobSF v4.0.5...

5.4 CVSS · 0.00924 EPSS
Exploits 1 · References 2

CVE
added 2024/07/31 7:21 p.m. · 69 views

CVE-2024-41955

Summary: CVE-2024-41955 affects Mobile Security Framework (MobSF). The vulnerability is an open redirect in the authentication view, potentially allowing an attacker to redirect authenticated users to a malicious site after login. Multiple sources document this as MobSF open redirect, with remedi...

5.4 CVSS · 5.2 AI score · 0.00924 EPSS
Exploits 1 · References 2 · Affected Software 1

EUVD
added 2024/07/31 7:21 p.m. · 6 views

EUVD-2024-2299

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in MobSF authentication view. Update to MobSF v4.0.5...

5.4 CVSS · 6.3 AI score · 0.00924 EPSS
Exploits 1 · References 4

OSV
added 2024/07/31 7:21 p.m. · 17 views

CVE-2024-41955 Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in MobSF authentication view. Update to MobSF v4.0.5...

5.2 CVSS · 6.6 AI score · 0.00924 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/07/31 12:00 a.m. · 4 views

PT-2024-5612 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.0.5 Description: The issue is related to an open redirect vulnerability in the authentication view of Mobile Security Framework MobSF, a security research platform for mobile applications...

6.8 CVSS · 7.3 AI score · 0.00924 EPSS
Exploits 1 · References 9

CNNVD
added 2024/07/31 12:00 a.m. · 3 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

5.4 CVSS · 6.7 AI score · 0.00924 EPSS
Exploits 1 · References 3

Github Security Blog
added 2024/07/22 2:33 p.m. · 18 views

DNSJava DNSSEC Bypass

Summary Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. Details DNS Messages are not authenticated. They do not guarantee that - received RRs are authentic - not received RRs do not exist - all or any received...

8.9 CVSS · 8.5 AI score · 0.00388 EPSS
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2024/07/18 12:00 a.m. · 56 views

Oracle WebCenter Portal (July 2024 CPU)

The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Portal Core Apache SOAP. The supported version that i...

9.8 CVSS · 6.2 AI score · 0.02251 EPSS
Exploits 1 · References 5

Openbugbounty
added 2024/07/15 6:43 p.m. · 9 views

ledexpert.bg Cross Site Scripting vulnerability OBB-3945838

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

Openbugbounty
added 2024/07/11 10:53 a.m. · 10 views

agromec.co.cr Cross Site Scripting vulnerability OBB-3944083

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

Openbugbounty
added 2024/05/19 8:08 a.m. · 9 views

jscombustibles.com Cross Site Scripting vulnerability OBB-3928600

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

Tenable Nessus
added 2024/05/11 12:00 a.m. · 27 views

RHEL 7 : xstream (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulati...

9.2 AI score · 0.82552 EPSS
Exploits 14 · References 10