+name: Joomla Helpdesk Pro plugin before 1.4.0 - Local File Disclosure
+author: 0x_Akoko
+severity: high
+description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

+description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile

+name: Vehicle Service Management System - Cross Site Scripting
+author: TenBird
+severity: medium
+description: |
+A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.

+name: Directory Management System 1.0 - SQLi Authentication Bypass
+author: TenBird
+severity: critical
+description: |
+Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.

+Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.

+Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
 This library supports the parsing and verification as well as the generation and signing of JWTs. Current supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.
+
+## Installation Guidelines
+
+1. To install the jwt package, you first need to have [Go](https://go.dev/doc/install) installed, then you can use the command below to add `jwt-go` as a dependency in your Go program.
+
+```sh
+go get -u github.com/golang-jwt/jwt/v4
+```
+
+2. Import it in your code:
+
+```go
+import "github.com/golang-jwt/jwt/v4"
+```
+
 
 ## Examples
 
-See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt) for examples of usage:
+See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt/v4) for examples of usage:
 
 * [Simple example of parsing and validating a token](https://pkg.go.dev/github.com/golang-jwt/jwt#example-Parse-Hmac)
 * [Simple example of building and signing a token](https://pkg.go.dev/github.com/golang-jwt/jwt#example-New-Hmac)
skipped 1 lines
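Review bot: the two example links in the Examples list still point at the unversioned module path (`https://pkg.go.dev/github.com/golang-jwt/jwt#example-Parse-Hmac` and `...#example-New-Hmac`) while the sentence above them was changed to `https://pkg.go.dev/github.com/golang-jwt/jwt/v4`; update the anchors to the v4 path so they resolve to the same module the install step fetches. In the installation step, the prose says it adds `jwt-go` as a dependency but the command fetches `github.com/golang-jwt/jwt/v4`; name the package consistently so readers do not look for a module called `jwt-go`.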
 
 ## Extensions
 
-This library publishes all the necessary components for adding your own signing methods. Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod`.
+This library publishes all the necessary components for adding your own signing methodsorkeyfunctions. Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod`orprovidea`jwt.Keyfunc`.
 
-A common use case would be integrating with different 3rd party signature providers, like key management services from various cloud providers or Hardware Security Modules (HSMs).
+A common use case would be integrating with different 3rd party signature providers, like key management services from various cloud providers or Hardware Security Modules (HSMs)ortoimplementadditionalstandards.
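Review bot: the two replacement sentences have lost their word spacing as shown here ("signing methodsorkeyfunctions", "`RegisterSigningMethod`orprovidea`jwt.Keyfunc`", "(HSMs)ortoimplementadditionalstandards"); they should read "signing methods or key functions", "using `RegisterSigningMethod` or provide a `jwt.Keyfunc`", and "(HSMs) or to implement additional standards". Since the first sentence now mentions key functions alongside signing methods, it would also help to say in one clause where `jwt.Keyfunc` is consumed (the parse/verify side) so readers do not confuse it with a new `SigningMethod`.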
+| JWKS | Provides support for JWKS ([RFC 7517](https://datatracker.ietf.org/doc/html/rfc7517)) as a `jwt.Keyfunc` | https://github.com/MicahParks/keyfunc |
 
 *Disclaimer*: Unless otherwise specified, these integrations are maintained by third parties and should not be considered as a primary offer by any of the mentioned cloud providers
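Review bot: the disclaimer sentence ends without a full stop ("...by any of the mentioned cloud providers"); add one. The new JWKS row points at a third-party repository (https://github.com/MicahParks/keyfunc) rather than a cloud provider, so the disclaimer's "any of the mentioned cloud providers" no longer covers every row in the table; widening it to "any of the mentioned providers or projects" would make clear that this entry is also third-party maintained.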
+As of February 2022 (and until this document is updated), the latest version `v4` is supported.
+
+## Reporting a Vulnerability
+
+If you think you found a vulnerability, and even if you are not sure, please report it to [email protected] or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
+
+You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
+
+## Public Discussions
+
+Please avoid publicly discussing a potential security vulnerability.
+
+Let's take this offline and find a solution first, this limits the potential impact as much as possible.
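Review bot: the contact address in the "Reporting a Vulnerability" paragraph appears only as the placeholder `[email protected]`, so a reader of this page has no usable reporting mailbox; confirm the committed file carries the real address. Two wording fixes in the same paragraph: "Please try be explicit" should be "Please try to be explicit", and "within a timely manner" should be "in a timely manner".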