#java

webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.

BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.

As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find. What we found is an

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the "search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom local

Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: ZCS Tags: CVE-2023-38750 Tags: CISA Tags: CVE-2023-0464 Tags: TAG Tags: XSS Tags: JSP Tags: XML Tags: Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. (Read more...) The post Zimbra issues awaited patch for actively exploited vulnerability appeared first on Malwarebytes Labs.

Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.

## Impact The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. ## Patches This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. ## Workarounds The workaround is to modify the page XWiki.LiveTableResultsMacros following this [patch](https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c). ## References - https://jira.xwiki.org/browse/XWIKI-20601 - https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c ## For more information If you have any questions or comments about this advisory: - Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) - Email us at [Security Mailing List](mailto:security@xwiki.org)

By Owais Sultan Unlocking the Power: Key Benefits of Java and Hiring a Java Web Application Development Company. This is a post from HackRead.com Read the original post: Benefits of hiring a Java web application development company

Buzzy News Viral Lists Polls and Videos version 2.5.1 appears to leave default credentials installed after installation.

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.