#java

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script.  Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

### Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side (XSS) ### Details On that snippet code of rendering the file attachments from user tables ``` <?php foreach ($crumbs as $item) : ?> <tr id="attachment_<?= $item->id ?>" title="<?= $item->thema ?>"> <td><?= $item->id ?></td> <td><?= $item->filename ?></td> <td><?= $item->record_lang ?></td> <td><?= Utils::formatBytes($item->filesize) ?></td> <td><?= $item->mime_type ?></td> <td> ``` The data directly rendering with short hand echo without any sanitation first, its recommend to use existing class of `Strings::htmlentities` on use `phpMyFAQ\Strings;` ``` <td><?= Strings::htmlentities($item->filename); ?></td> <td><?= Strings::htmlentities($item->record_lang); ?></td> <td><?= Utils::formatBytes($item->filesize) ?></td> <td><?= Strings::htmlentities($item->mime_type); ?></td> ``` Propo...

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.

This Metasploit module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable.

Debian Linux Security Advisory 5613-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-34q3-p352-c7q8. This link is maintained to preserve external references. ## Original Description Central Dogma versions prior to 0.64.0 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.

## Impacted Resources bref/src/Event/Http/HttpResponse.php:61-90 ## Description When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. Precisely, if PHP generates a response with two headers having the same key but different values only the latest one is kept. ## Impact If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. ## PoC 1. Create a new Bref project. 2. Create an `index.php` file with the following content: ```php <?php header("Content-Security-Policy: script-src 'none'", false); header("Content-Security-Policy: img-src 'self'", false); ?> <script>alert(document.domain)</script> <img src="https://bref.sh/favicon-32x32.png"> ``` 3. Use the following `serverless.yml` to deploy the Lambda: ```yaml se...

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security