SugarCRM 12.2.0 PHP Object Injection Vulnerability

CVSS3 - HIGH

CVSS2 - MEDIUM

Authorization Bypass

GitLab is vulnerable to Authorization Bypass. The vulnerability allows a malicious user to create an OAuth client application with arbitrary scope names, which may allow the malicious user to trick unsusp ...

CVSS3 - LOW

CVSS2 - LOW

SugarCRM 12.2.0 Bean Manipulation

CVSS3 - HIGH

CVSS2 - MEDIUM

SugarCRM 12.2.0 PHP Object Injection

CVSS3 - HIGH

CVSS2 - MEDIUM

Tackling the OAuth2 Client component model in Spring Security

In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applic ...

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user's perspective, OAuth works like magic. ...

mTLS: When certificate authentication is done wrong

Although X.509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X.509 ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Jenkins Tuleap Authentication Plugin non-constant time token comparison

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use ...
