29 matches found
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
EUVD-2023-30572
Malicious code in bioql PyPI...
EUVD-2023-30573
Malicious code in bioql PyPI...
EUVD-2023-29357
Malicious code in bioql PyPI...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-26780
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection...
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with his username to bypass authentication...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
Unrestricted file upload
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
Deserialization of untrusted data
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-26779
CVE-2023-26779 affects CleverStupidDog yf-exam v1.8.0. The vulnerability is described as a Deserialization flaw that can lead to Remote Code Execution (RCE). CVSS 3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, low attack complexity, no privileges or user interaction required, and impac...
CVE-2023-25402
The CVE-2023-25402 entry concerns CleverStupidDog yf-exam 1.8.0. Red Hat, NVD, and other sources confirm an unrestricted file upload vulnerability caused by no suffix/file-type validation, enabling uploading of arbitrary files. Impact stated: potential for arbitrary file upload with high inte...
CVE-2023-25403
CVE-2023-25403 affects CleverStupidDog yf-exam v1.8.0. Root cause: authentication bypass due to a fixed JWT key and a stored key that uses username-format characters. Any user who logged in within 24 hours can forge a token with their username to bypass authentication. Impact: authentication can ...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
yf-exam security vulnerability
yf-exam CloudFan Training Exam System is a training exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the presence of an authentication bypass vulnerability that allows any user logged in within 24 hou...
yf-exam code issue vulnerability
yf-exam CloudFan Training Exam System is a training exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the lack of restriction on the suffix of uploaded files, resulting in an arbitrary file upload...
yf-exam code issue vulnerability
yf-exam CloudFan Training and Exam System is a training and exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the presence of a deserialization vulnerability that can be exploited by an attacker to cau...