spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
GHSA-36P3-WJMG-H94X Remote Code Execution in Spring Framework
Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...
Rails Unsafe Reflection
Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller MVC architectural pattern. Ruby On Rails provides a method called constantize which allows developers to dynamically find a constant by using a string. The most common usage of this method is to...
Revenera FlexNet Code Insight Authorization Issue Vulnerability
Revenera FlexNet Code Insight is a single integrated solution for open source license compliance and security from Revenera, Germany. An authorization issue vulnerability exists in Code Insight because the product does not effectively handle Spring MVC responses, which can be exploited to cause a...
Rails Mass Assignment
Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller (MVC) architectural pattern. A mass assignment vulnerability occurs when an application automatically performs the mapping between request parameters and model attributes. This vulnerability c...
Matteo Piovanelli Orchard Code Issue Vulnerability
Orchard is an open source application by Matteo Piovanelli: a free, open source, community-centered content management system built on the ASP.NET MVC platform. A security vulnerability exists in Orchard versions prior to 1.10, which stems from a vulnerability that allows an attacke...
SQL injection vulnerability in TEMMOKUMVC in***.php file
TEMMOKUMVC is a professional PHP/MySQL product developed by Pizhou Tianmu Network Technology Co., Ltd., using an independent MVC framework for large and medium-sized enterprises and open source MVC. The TEMMOKUMVC in.php file has a SQL injection vulnerability. Attackers can exploit the vulnerability to...
Logic Flaw Vulnerability in Dream CMS
Dream CMS is developed using php language and mysql database, and adopts the mainstream MVC design model. A logic flaw vulnerability exists in Dream CMS, which can be exploited by attackers to affect the integrity of the system...
XSS Vulnerability in Blog-System Personal Blog System
Blog-System is a personal blog system built with Spring, Spring MVC, MyBatis and Maven. The Blog-System personal blog system has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...
Dream CMS LmxCMS has an arbitrary file deletion vulnerability
LmxCMS is developed using php language and mysql database, and adopts the mainstream MVC design model. Dream CMS LmxCMS has an arbitrary file deletion vulnerability that can be exploited by attackers to cause arbitrary file deletion...
SQL Injection Vulnerability in QCMS Backend
QCMS website management system is a PHP lightweight system developed through MVC architecture. There is a SQL injection vulnerability in the backend of QCMS, which can be exploited by attackers to obtain sensitive database information...
Command Execution Vulnerability in QCMS
QCMS website management system is a PHP lightweight system developed through MVC architecture. QCMS has a command execution vulnerability that can be exploited by attackers to gain server privileges...
PT-2018-13871 · Telerik · Telerik Extensions For Asp.Net Mvc
Name of the Vulnerable Software and Affected Versions: Telerik Extensions for ASP.NET MVC all versions Description: The issue allows a remote attacker to access files inside the server's web directory because it does not properly restrict access to these files. This product has been obsolete sinc...
Apple iOS SafariViewController Address Bar Spoofing Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices, and SafariViewController is one of the web browser components. A security vulnerability exists in the SafariViewController component in versions of Apple iOS prior to 12. The vulnerability can be exploited by an attacker to...
File Inclusion Vulnerability in LankeCMS
LankeCMS (Lanke Enterprise Website System) is developed with PHP+MySQL technology in MVC mode, with a clear architecture and easy-to-maintain code. It supports pseudo-static URLs, can generate Google and Baidu maps, supports custom URLs, keywords and descriptions, and conforms to SEO standards. LankeCMS fi...
Apple iOS 'SafariViewController' Component Spoofing Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices, and SafariViewController is one of the web browser components. A security vulnerability exists in the SafariViewController component in Apple iOS versions prior to 11.3. A remote attacker can exploit this vulnerability to gai...
CVE-2018-4149
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page...
File Containment Vulnerability in iWebShop Open Source Mall System
iWebShop is an open source web e-commerce B2B2C platform (self-operated store plus hosted merchants) and site-building system developed on PHP and a MySQL database, carefully designed around the MVC architecture and the Yii framework design pattern. iWebShop open source mall syste...
XSS Vulnerability in HYBBS 1.5.34 CMS
HYBBS is based on the HYPHP framework, which is an MVC-structured program. An XSS vulnerability exists in HYBBS 1.5.34 CMS. An attacker can use this vulnerability to implant cross-site code, obtain sensitive information such as user cookies, close cross-site pop-up boxes, and also obtain page path...
Vulnerability in the iOS operating system that allows an attacker to obtain confidential information
The vulnerability in the SafariViewController component of the iOS operating system is related to insufficient protection of service data. Exploiting this vulnerability allows a malicious actor to obtain confidential information by exploiting synchronization errors during cache cleanup...