104 matches found
CVE-2024-13111
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...
CVE-2024-13111
The CVE-2024-13111 entry affects Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown functionality within src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the JWT Token Handler, leading to improper authentication. The issue ca...
CVE-2024-13111 Beijing Yunfan Internet Technology Yunfan Learning Examination System JWT Token SysUserControl improper authentication
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...
CVE-2024-11619
A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The...
CVE-2024-11619
The CVE-2024-11619 issue affects macrozheng mall up to version 1.0.3, specifically the JWT Token Handler component. Root cause: use of a default cryptographic key, which can compromise confidentiality/integrity if exploited. Exploitation complexity is described as high and exploitation is difficu...
CVE-2024-11619 macrozheng mall JWT Token default key
A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The...
PT-2024-17140 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A problematic issue has been found in the JWT Token Handler component, leading to the use of a default cryptographic key. The complexity of an attack is rather high, and exploitation is known ...
CVE-2024-7659
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
The vulnerability of the Access Token Handler component in the software integration control panel for IBM App Connect Enterprise allows a malicious actor to obtain confidential calendar information using an access token with an expired validity period.
The vulnerability of the Access Token Handler component in the software integration control panel for IBM App Connect Enterprise is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to obtain confidential calendar information using ...
The vulnerability of the Access Token Handler component of the JetBrains YouTrack software suite for managing projects and tasks allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Access Token Handler component of the JetBrains YouTrack software for managing projects and tasks is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the JWE Token Handler component in JavaScript object signing and encryption technologies is related to uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the JWE Token Handler component in JavaScript object signing and encryption technologies with Python is related to high resource consumption during decryption using the created JSON Web Encryption token. Exploiting this vulnerability can allow a malicious actor to cause servi...
PT-2024-4825 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.2.34646 Description: The issue is related to insufficient protection of registration data in the Access Token Handler component. This could allow a remote attacker to gain unauthorized access to...
The vulnerability of the Authentication Token Handler component in the IntelliJ IDEA integrated development environment allows an attacker to send the authentication token to any arbitrary URL.
The vulnerability of the Authentication Token Handler component in the IntelliJ IDEA integrated development environment exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to send authentication tokens to any specified URL...
The vulnerability of the Session Token Handler component in the application for creating supplements, related to integrating external data sources with the Splunk Add-on Builder platform, arises from improper processing of output data for registration logs. This allows a malicious actor to gain unauthorized access to edit the application.
The vulnerability of the Session Token Handler component in application add-ons for integrating external data sources with the Splunk Add-on Builder platform is related to improper processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor, operating...
CVE-2014-125057
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument token leads to incorrect comparison. It is possible to initiate the attack...
Cross-site request forgery (CSRF)
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument token leads to incorrect comparison. It is possible to initiate the attack...
CVE-2014-125057 mrobit robitailletheknot CSRF Token filters.php comparison
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument token leads to incorrect comparison. It is possible to initiate the attack...