Lucene search
K

47 matches found

CVE
CVE
added 2024/01/23 11:12 p.m.94 views

CVE-2024-23453

Android Spoon app (versions 7.11.1–8.6.0) contains a hard-coded API key that can be retrieved by reverse-engineering the binary, enabling unauthorized access to an external service. Root cause: embedded credentials in the mobile app. Impact: local attacker could obtain the API key; impact consist...

5.5CVSS5.2AI score0.00163EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 7:53 a.m.3 views

Android App "Spoon" uses a hard-coded API key for an external service

Overview Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.5CVSS6.6AI score0.00163EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.32 views

JVN#96154238: Android App "Spoon" uses a hard-coded API key for an external service

Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Note that t...

5.5CVSS5.3AI score0.00163EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.9 views

PT-2024-19877 · Unknown · Android Spoon

Name of the Vulnerable Software and Affected Versions: Android Spoon application versions 7.11.1 through 8.6.0 Description: The issue concerns the use of hard-coded credentials in the application, which could allow a local attacker to retrieve a hard-coded API key by reverse-engineering the...

5.5CVSS5.3AI score0.00163EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/23 12:0 a.m.6 views

Spoon Security Vulnerability

Spoon is a software from Spoon, a South Korean company that provides live streaming, talking, and chatting. A security vulnerability exists in Spoon versions 7.11.1 through 8.6.0. An attacker exploited the vulnerability to retrieve hard-coded API keys when reverse engineering application binaries...

5.5CVSS6.7AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2023/12/20 6:15 p.m.18 views

CVE-2023-49752

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4...

9.8CVSS0.00588EPSS
Exploits0References1
CVE
CVE
added 2023/12/20 5:38 p.m.116 views

CVE-2023-49752

CVE-2023-49752 pertains to the Adifier System WordPress Theme (Adifier – Classified Ads WordPress Theme) with an SQL Injection vulnerability in versions prior to 3.1.4. The root cause is improper handling/escaping of user input in SQL commands, enabling unauthenticated attackers to manipulate que...

9.8CVSS8.9AI score0.00588EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/20 5:38 p.m.23 views

CVE-2023-49752 WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4...

9.3CVSS10AI score0.00588EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2023/05/28 3:54 a.m.15 views

spoon-tamago.com Cross Site Scripting vulnerability OBB-3366076

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Veracode
Veracode
added 2022/08/15 4:13 a.m.21 views

Cross-Site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists in the defineForkConstants function in Kernel.php because the spoon library charset is not handled properly, which allows an attacker to inject and execute arbitrary javascript via the publishondate parameter...

4.8CVSS5.6AI score0.00673EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/24 4:54 p.m.19 views

GHSA-2P2X-MW56-JC98 Spoon Library as used in Fork CMS allows PHP object injection

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

9.8CVSS9.6AI score0.02482EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:54 p.m.22 views

Spoon Library as used in Fork CMS allows PHP object injection

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

9.8CVSS7.3AI score0.02482EPSS
Exploits0References5Affected Software1
Openbugbounty
Openbugbounty
added 2021/11/14 1:1 a.m.12 views

welshlovespoon.com Improper Access Control vulnerability OBB-2268634

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
Veracode
Veracode
added 2021/03/23 8:47 a.m.9 views

Cross-site Scripting (XSS)

spoon/library is vulnerable to cross-site scripting XSS attacks. A specifically crafted string injected through form attribute placeholders allows remote attackers to execute malicious scripts...

5.7AI score
Exploits0
Snyk
Snyk
added 2021/01/08 9:57 a.m.1 views

Cross-site Scripting (XSS)

Overview spoon/library is a PHP5 library used to build web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via getAttributesHTML in library/spoon/form/attributes.php due to lack of sanitization. In an affected application, an attacker could insert XSS...

7.1CVSS5.2AI score
Exploits0References3
Openbugbounty
Openbugbounty
added 2020/05/10 1:58 p.m.13 views

spoon-petshop.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1158389 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.5AI score
Exploits0
CNVD
CNVD
added 2019/08/28 12:0 a.m.5 views

Spoon Library Code Injection Vulnerability

Fork CMS is an open source content management system CMS developed in PHP. The system contains blogs , questions and answers , forms and other modules . Spoon Library is used in which a PHP library for building kickass Web applications . A code injection vulnerability exists in Spoon Library...

9.8CVSS7.6AI score0.02482EPSS
Exploits0References1
Veracode
Veracode
added 2019/08/27 5:54 a.m.19 views

Remote Code Execution

spoon/library is vulnerable to remote code execution. Lack of validation of the cookie allows a remote attacker to submit a cookie containing malicious executable objects that will execute upon deserialization in the wakeup magic method in spoon/cookie/cookie.php...

9.8CVSS5AI score0.02482EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/08/26 1:15 p.m.13 views

CVE-2019-15521

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

9.8CVSS9.6AI score0.02482EPSS
Exploits0References3
Prion
Prion
added 2019/08/26 1:15 p.m.15 views

Code injection

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

7.5CVSS9.5AI score0.02482EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder