722 matches found
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-54000
CVE-2024-54000 affects MobSF prior to 3.9.7. The root cause is in _check_url using requests.get() with allow_redirects=True, enabling an SSRF when a .well-known/assetlinks.json response returns a 302 redirect. This bypasses the prior fix for CVE-2024-29190 and is fixed in MobSF 3.9.7. The connect...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
PT-2024-36005 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.2.9 Description: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
PT-2024-36007 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 3.9.7 Description: The issue concerns a server-side request forgery vulnerability. It occurs when the requests.get request in the check url method is set to allow redirects=True, allowing a...
CVE-2024-51734 User data deletion by anoynmous users in Zope
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...
CVE-2024-51734 User data deletion by anoynmous users in Zope
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...
Oracle WebCenter Portal (October 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework jQuery. The supported...
The Spanish National Security Framework (ENS) is Now Part of the Qualys Enterprise TruRisk™ Platform
The Spanish National Security Framework ENS, regulated by Royal Decree 311/2022 , is a mandatory framework designed to ensure an optimal level of security for the digital infrastructure of companies in the Spanish public sector and critical infrastructures. Its main objective is to establish a...
GHSA-76MW-6P95-X9X5 pac4j-core affected by a Java deserialization vulnerability
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2023-25581
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2023-25581
The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...
CVE-2024-43399
MobSF (Mobile Security Framework) prior to version 4.0.7 contains a Zip Slip vulnerability in the Static Libraries analysis when extracting .a files. The mitigation (decoding and string replacement) is bypassable (e.g., using sequences like ....//....//....//), allowing extraction to arbitrary se...
CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
PT-2024-30558 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.0.7 Description: The issue is related to a flaw in the Static Libraries analysis section of MobSF, specifically during the extraction of .a extension files. The measure intended to prevent Z...