56,596
questions
-1
votes
0
answers
16
views
Privilege escalation issue in Spring MVC project
I am dealing with an issue in a Spring MVC application.
In my application, menus are visible to users based on role-based menu access logic in the DB.
Even though a user is able to see only the menus mapped as ...
-2
votes
1
answer
95
views
Vulnerabilities in spring-webmvc-5.3.39 to 5.3.40 [closed]
I'm using Spring Web MVC v5.3.39 and I'm affected by vulnerability CVE-2024-38816. According to the GitHub advisory, I should update to Spring Web MVC v5.3.40.
However, I can't find the ...
-1
votes
1
answer
51
views
libexpat vulnerabilities exist in the python:3.11-slim Docker image
There are three vulnerabilities: CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
It looks like these vulnerabilities were fixed as part of https://github.com/python/cpython/issues/123678
But when I ...
0
votes
0
answers
35
views
How to access locally saved credential data of a user from the SYSTEM context?
I am building an application that requires deletion of a user's saved credentials (web credentials and Windows credentials saved in Credential Manager). My process is running in the SYSTEM context.
...
0
votes
1
answer
14
views
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or ...
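The two options the question weighs are both bearer secrets delivered over e-mail, so the interesting differences are in what the server stores and how it limits guessing. The example below is added here and is not code from the question; it sketches both flows in standard-library Python with an in-memory store standing in for the database (the TTL, attempt limit and class names are assumptions chosen for the illustration). A long random link token is unguessable, so it only needs hashing at rest, an expiry and single use; a short numeric one-time code has roughly 20 bits of entropy and additionally needs an attempt counter, or it can be brute-forced within its validity window.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed policy value for this example
OTP_MAX_ATTEMPTS = 5          # a 6-digit code must be attempt-limited or it is guessable


class ResetStore:
    """In-memory stand-in for the reset table (constructed for this example).

    Only a SHA-256 of each secret is kept, so reading the table does not yield
    anything that can be pasted into the reset form.  `now` is injectable so the
    expiry logic can be exercised deterministically.
    """

    def __init__(self, now=time.time):
        self._now = now
        self._tokens = {}   # sha256(token) -> (user_id, expires_at)
        self._otps = {}     # user_id -> (sha256(code), expires_at, attempts_left)

    @staticmethod
    def _h(secret: str) -> bytes:
        return hashlib.sha256(secret.encode()).digest()

    # --- option A: long random token embedded in the e-mailed link ---
    def issue_token(self, user_id: str) -> str:
        # 32 random bytes = 256 bits; no attempt counter is needed because
        # guessing is infeasible, and the hash lookup below leaks nothing useful.
        token = secrets.token_urlsafe(32)
        self._tokens[self._h(token)] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token   # this, and only this, goes into the e-mail

    def redeem_token(self, token: str):
        """Return the user id if the token is valid, unexpired and unused.

        The record is popped on every attempt with a matching hash, so a token
        can be consumed at most once, expired or not.
        """
        rec = self._tokens.pop(self._h(token), None)
        if rec is None:
            return None
        user_id, expires_at = rec
        return user_id if self._now() <= expires_at else None

    # --- option B: short one-time code the user types back in ---
    def issue_otp(self, user_id: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits: only ~20 bits of entropy
        self._otps[user_id] = (self._h(code), self._now() + TOKEN_TTL_SECONDS, OTP_MAX_ATTEMPTS)
        return code

    def redeem_otp(self, user_id: str, code: str) -> bool:
        rec = self._otps.get(user_id)
        if rec is None:
            return False
        code_hash, expires_at, attempts_left = rec
        if self._now() > expires_at or attempts_left <= 0:
            del self._otps[user_id]          # expired or locked out: discard the code
            return False
        if hmac.compare_digest(code_hash, self._h(code)):
            del self._otps[user_id]          # single use
            return True
        self._otps[user_id] = (code_hash, expires_at, attempts_left - 1)
        return False
```

In either flow the password is changed only after `redeem_*` succeeds and the user submits a new one, which is what removes the problem the inherited code has: a password that was mailed in clear and may already be in use before the user ever reads the message.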
-1
votes
0
answers
28
views
Why aren't data URL schemes in href attributes sanitized by default by Angular?
I'm building a simple Angular application where I'm experimenting with different ways of binding potentially unsafe content. Here's the component code I'm using:
@Component({
selector: 'app-root',
...
0
votes
0
answers
31
views
Crafted ICMP reply or TCP RST-SYN cannot be received
I am trying to craft an ICMP echo reply (type=0) or a TCP RST-SYN (flags="RA") sent by VM-A (Ubuntu 22.04, ip=192.168.22.241), and it cannot be received by VM-B (Ubuntu 22.04, ip=192.168.22.241).
ICMP ...
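When a hand-built packet never shows up on the far side, the first things to check are that the header is well-formed and that the checksum is right, because a receiver silently discards an ICMP message whose checksum fails. The block below is an added example, not code from the question, and uses only the Python standard library (no scapy): it builds an ICMP echo reply from a parsed echo request, computes the RFC 1071 checksum, and verifies it the way a receiver would. The identifier, sequence number and payload are constructed sample values.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
ICMP_HEADER = "!BBHHH"   # type, code, checksum, identifier, sequence


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words.

    Odd-length input is padded with a zero byte.  Over a packet whose checksum
    field is already correct, the result is 0, which is how a receiver verifies it.
    """
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an ICMP echo message with the checksum filled in."""
    header = struct.pack(ICMP_HEADER, icmp_type, code, 0, ident, seq)
    csum = inet_checksum(header + payload)   # computed with the checksum field zeroed
    return struct.pack(ICMP_HEADER, icmp_type, code, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header and report whether the checksum verifies."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack(ICMP_HEADER, packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum": csum,
        "id": ident,
        "seq": seq,
        "payload": packet[8:],
        "checksum_ok": inet_checksum(packet) == 0,
    }


def echo_reply_for(request: bytes):
    """Return the echo reply a host would send for `request`, or None if it is not
    a valid echo request.  Id, sequence and payload are echoed back unchanged."""
    req = parse_icmp(request)
    if req["type"] != ICMP_ECHO_REQUEST or req["code"] != 0 or not req["checksum_ok"]:
        return None
    return build_icmp(ICMP_ECHO_REPLY, 0, req["id"], req["seq"], req["payload"])


# Constructed sample request: id 0x1234, seq 1, eight bytes of payload.
SAMPLE_REQUEST = build_icmp(ICMP_ECHO_REQUEST, 0, 0x1234, 1, b"abcdefgh")
```

Two caveats when testing on real hosts: the excerpt lists the same address for both VMs, and the crafted packet must carry VM-B's address as its destination (and, when sent with a raw socket, the IP header checksum is normally filled in by the kernel but the ICMP or TCP checksum is not); and an unsolicited echo reply, or a RST/ACK that matches no connection, is consumed by VM-B's kernel without any application ever seeing it, so "received" is best checked with a packet capture on VM-B rather than with a listening program.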
0
votes
0
answers
35
views
How can I secure my Android app from CVE-2024 vulnerabilities and detect which CVEs affect my app?
I'm developing an Android app and I'm concerned about potential vulnerabilities related to CVE-2024. I would like to better understand how I can secure my app from these vulnerabilities and how to ...
0
votes
3
answers
57
views
Is it possible to have SQL Injection in Java PreparedStatement without setString() or setInt() methods? [duplicate]
In Java, if a user input is directly appended to an SQL query without using methods like setString() or setInt(), but the query is executed using a PreparedStatement, is it still considered SQL ...
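The deciding point is not which API object executes the query but whether user input becomes part of the SQL text before the statement is compiled. The following is an added example, not code from the question, written in standard-library Python with sqlite3 so it runs offline; the same distinction holds for Java's PreparedStatement, where concatenating input into the string passed to prepareStatement() leaves nothing for the driver to protect. The users table and the two logins are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory table with two plaintext-password users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Vulnerable: input is spliced into the SQL text, so the attacker's characters
    are already statement syntax by the time the driver compiles it.  That the
    driver then 'prepares' the finished string changes nothing."""
    sql = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_bound(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Fixed: the SQL text is a constant and the values travel as bound parameters,
    so a quote or comment marker in the input is just data to compare against."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]
```

With `name = "alice' --"` the concatenated version comments out the password check and logs in as alice; the bound version looks for a user literally named `alice' --` and finds nothing.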
1
vote
0
answers
30
views
How to Implement a Custom Dynamic Authentication and Authorization System for ASP.NET Core Web API with Angular?
Hello, I am working on a large-scale project with the following technology stack:
Backend: ASP.NET Core Web API
Frontend: Angular
The primary challenge is designing and implementing a custom, dynamic ...
0
votes
1
answer
37
views
Secrets Manager structure in AWS
I want to start using Secrets Manager in my business, but I have a question concerning the structure.
Should I create a unique value per secret? Or should I use one secret per platform? Example:
...
-3
votes
0
answers
25
views
Webdev security in frontend [closed]
I'm new to web development and I have a question about security: if any JS code can be modified from the browser, how can you achieve completely protected routes? I'm using React as the frontend and Node.js/Express ...
-3
votes
0
answers
19
views
I don't understand ipsec [closed]
ESP, IKEv2, Child SA
Can you explain what a Child SA is? Is this exchange used only to rekey IKEv2 or ESP, or is this exchange used to rekey the IKE SA and Child SA at the same time?
What is IKE SA? Is ...
0
votes
0
answers
34
views
How can I resolve the error "relative path not allowed in hardened program" when loading an SQLite3 extension in Go using the following code?
sql.Register("sqlite3_with_extensions",
    &sqlite3.SQLiteDriver{
        Extensions: []string{
            "regex_match",
        },
    })
I am working on loading an SQLite3 extension in Go, ...
0
votes
0
answers
26
views
Extjs 4.2 JavaScript_Server_Side_Vulnerabilities/Stored_Code_Injection
My customer's company ran a vulnerability check with some tool and (among others) found the vulnerability "JavaScript_Server_Side_Vulnerabilities/Stored_Code_Injection" on the extjs base ...