Security
Headlines
HeadlinesLatestCVEs

Tag

#java

ABB Cylon Aspect 3.08.03 (Java/PHP) Log Forging

Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling attackers to inject arbitrary log entries using encoded newline characters. Similarly, Java classes using LoggerUtil.logger.* methods concatenate user-controlled strings like usernames and cookie keys into logs without validation. This systemic flaw allows for log forging, manipulating log content to obfuscate activity, insert misleading entries, or facilitate follow-up attacks.

Zero Science Lab
#vulnerability#web#linux#apache#java#intel#php#perl
ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks.

ABB Cylon Aspect 3.08.03 (MIX->HTTPDownloadServlet) File Deletion

ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate from localhost, granting unauthorized access to privileged operations. This bypass grants access to privileged functionality, including the HTTPDownloadServlet, which is vulnerable to directory traversal. By leveraging this, an attacker can delete arbitrary PHP files outside the intended directory scope.

ABB Cylon Aspect 3.08.03 (login.php) Obscure Authentication Bypass

The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite failed privilege validation in the login flow, direct navigation to /setup.php bypasses authentication and authorization controls entirely. This endpoint serves as the administrative dashboard and allows full configuration access, including the ability to change credentials for the privileged aamuser account. This flaw results in privilege escalation from a limited guest session to full administrative control, compromising the integrity of the system.

ABB Cylon Aspect Studio 3.08.03 (CylonLicence.dll) Binary Planting

A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious CylonLicence.dll in a writable directory that is searched before the legitimate library path, this DLL will be loaded and executed with the privileges of the user running the application. This flaw enables arbitrary code execution and can be exploited for privilege escalation or persistence, especially in environments where the application is executed by privileged users.

Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying

A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking.

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

GHSA-q53q-gxq9-mgrj: Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

GHSA-rhfv-688c-p6hp: XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right

### Impact In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they're not giving a right to a script or object that it didn't have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned a...

GHSA-9pp5-9c7g-4r83: Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methods