14 matches found
MAL-2025-8076 Malicious code in @ice-desktop/uikit-whitelabel (npm)
The package @ice-desktop/uikit-whitelabel was found to contain malicious code...
Malicious code in @ice-desktop/uikit-whitelabel (npm)
The package @ice-desktop/uikit-whitelabel was found to contain malicious code...
VulnCheck KEV: CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
MAL-2024-1323 Malicious code in @socialdeal/uikit-whitelabel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d53c0749d21786a6b7eeea319c37d26573f1ded671dc9cbed9e4508d9b65a2c0 The OpenSSF Package Analysis project identified '@socialdeal/uikit-whitelabel' @ 999.100.1 npm as malicious. It is considered malicious because:...
Malicious code in agency-web-whitelabel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f7130e18253c6f61e2fded27099f5042425401a0afb2eefc8858aab790e069c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-890 Malicious code in agency-web-whitelabel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f7130e18253c6f61e2fded27099f5042425401a0afb2eefc8858aab790e069c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring Boot < 1.2.8 / 1.3.0 Whitelabel Error Page Remote Code Execution
Pivotal Spring Boot is a Java framework designed to help developers create minimal Spring based applications. Spring applications provide the Spring Expression Language SpEL which is a powerful expression language for querying and manipulating an object graph at runtime. Spring Boot versions belo...
GHSA-7Q9C-H23X-65FQ Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
Chaturbate: Bypass subdomain limits using race condition
The hacker found that it was possible to add more than the limit of 5 whitelabel subdomains. The 5 limit is a soft limit, however we resolved this...
MyTy 5.1.7 Cross Site Scripting Vulnerability
MyTy versions 5.0.4 through 5.1.7 suffer from a cross site scripting vulnerability. Product: MyTy Vendor: Finlane GmbH CSNC ID: CSNC-2017-030 CVE ID: - Subject: Reflected Cross-Site Scripting XSS Risk: High Effect: Remotely exploitable Author: Nicolas Heiniger Date: 21.11.2017 Introduction:...
Design/Logic Flaw
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
Spring Security Oauth remote code execution vulnerability
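Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-10-17 0x00 Vulnerability overview 1. Introduction: Spring Security OAuth is a module that provides security authentication support for the Spring framework. On July 5 its maintainers published an upgrade advisory, which mainly states that when users rely on Whitelabel views to handle errors, an attacker who has been authorized can execute commands remotely by constructing malicious parameters. The discoverer of the vulnerability published the record of how it was found on October 13. 2. Impact: remote command execution in an authorized state 3. Affected versions: 2.0.0 to 2.0.9, 1.0.0 to 1.0.5 0x01 Reproducing the vulnerability 1. Environment setup bash...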