47 matches found
CVE-2024-23453
Android Spoon app (versions 7.11.1–8.6.0) contains a hard-coded API key that can be retrieved by reverse-engineering the binary, enabling unauthorized access to an external service. Root cause: embedded credentials in the mobile app. Impact: local attacker could obtain the API key; impact consist...
Android App "Spoon" uses a hard-coded API key for an external service
Overview Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#96154238: Android App "Spoon" uses a hard-coded API key for an external service
Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Note that t...
PT-2024-19877 · Unknown · Android Spoon
Name of the Vulnerable Software and Affected Versions: Android Spoon application versions 7.11.1 through 8.6.0 Description: The issue concerns the use of hard-coded credentials in the application, which could allow a local attacker to retrieve a hard-coded API key by reverse-engineering the...
Spoon Security Vulnerability
Spoon is a software from Spoon, a South Korean company that provides live streaming, talking, and chatting. A security vulnerability exists in Spoon versions 7.11.1 through 8.6.0. An attacker exploited the vulnerability to retrieve hard-coded API keys when reverse engineering application binaries...
CVE-2023-49752
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4...
CVE-2023-49752
CVE-2023-49752 pertains to the Adifier System WordPress Theme (Adifier – Classified Ads WordPress Theme) with an SQL Injection vulnerability in versions prior to 3.1.4. The root cause is improper handling/escaping of user input in SQL commands, enabling unauthenticated attackers to manipulate que...
CVE-2023-49752 WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4...
spoon-tamago.com Cross Site Scripting vulnerability OBB-3366076
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists in the defineForkConstants function in Kernel.php because the spoon library charset is not handled properly, which allows an attacker to inject and execute arbitrary javascript via the publishondate parameter...
GHSA-2P2X-MW56-JC98 Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
welshlovespoon.com Improper Access Control vulnerability OBB-2268634
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-site Scripting (XSS)
spoon/library is vulnerable to cross-site scripting XSS attacks. A specifically crafted string injected through form attribute placeholders allows remote attackers to execute malicious scripts...
Cross-site Scripting (XSS)
Overview spoon/library is a PHP5 library used to build web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via getAttributesHTML in library/spoon/form/attributes.php due to lack of sanitization. In an affected application, an attacker could insert XSS...
spoon-petshop.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1158389 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Spoon Library Code Injection Vulnerability
Fork CMS is an open source content management system CMS developed in PHP. The system contains blogs , questions and answers , forms and other modules . Spoon Library is used in which a PHP library for building kickass Web applications . A code injection vulnerability exists in Spoon Library...
Remote Code Execution
spoon/library is vulnerable to remote code execution. Lack of validation of the cookie allows a remote attacker to submit a cookie containing malicious executable objects that will execute upon deserialization in the wakeup magic method in spoon/cookie/cookie.php...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Code injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...