#git

Equipment Rental Script version 1.0 suffers from a remote SQL injection vulnerability.

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.

Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.

Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.

Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.

Categories: Threat Intelligence Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the monthly most active gangs, while Lockbit returned to the number one spot. (Read more...) The post Ransomware review: September 2023 appeared first on Malwarebytes Labs.

### Summary An remote Code exec vulnerability allows any unauthenticated user to exec code on the server. ### Details Hi,Team, i find openrefine support to import data from database,When use mysql jdbc to connect to database,It is vulnerable to jdbc url attacks,for example,unauthenticated attacker can get rce on the server through the mysql userializable If the mysql-connector-java version used on the server side is less than 8.20. In order for the server to enable deserialization we need to set the `autoDeserialize` and `queryInterceptors` parameters in the connection string,As same with https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m, since the concatenation string is a direct concatenation, it is possible to inject the required parameters after the other parameters.  And there is a commons-beanutils dependency library on the server side, w...

### Summary An arbitrary file read vulnerability allows any unauthenticated user to read the file on the server._ ### Details Hi,Team, i find openrefine support to import data from database,When use mysql jdbc to connect to database,It is vulnerable to jdbc url attacks,for example,unauthenticated attacker can read the file on the server. There are some differences in utilization depending on the version of the mysql-connector dependency on the server side. 1. mysql-connector-java version > 8.14 The default value of `allowLoadLocalInfile` on the server side is false in this case.We need to manually set this value to true in the connection string. Since the way to get the databaseurl in `com/google/refine/extension/database/mysql/MySQLConnectionManager.java` is to splice the individual configurations directly, we can set the `allowLoadLocalInfile` parameter after the other parameters(for example the `databaseName` parameter ). ![image](https://user-images.githubusercontent.com/24...

### Summary _Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._ The current implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on it's own does not also enforce strong passwords (see [here](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#implement-proper-password-strength-controls)), these lists of valid accounts are likely to be used in a password spray attack with the outcome being attempted takeover of user accounts on the platform. The impact of this vulnerability is minor as it requires chaining with other attack vectors in order to gain more then simply a list of valid users on the underlying platform. The likelihood of this vulnerability is possible as it requir...