#java

The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The credentials used for the basic authentication against the web interface of Cosy+ are stored in the cookie "credentials" after a successful login. An attacker with access to a victim's browser is able to retrieve the administrative password of Cosy+.

The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. If login against the FTP service of the Cosy+ fails, the submitted username is saved in a log. This log is included in the Cosy+ web interface without neutralizing the content. As a result, an unauthenticated attacker is able to inject HTML/JavaScript code via the username of an FTP login attempt.

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

Bhojon Restaurant Management System version 3.0 suffers from an ignored default credential vulnerability.

Ubuntu Security Notice 6963-1 - It was discovered that GNOME Shell incorrectly opened the portal helper automatically when detecting a captive network portal. A remote attacker could possibly use this issue to load arbitrary web pages containing JavaScript, leading to resource consumption or other attacks.

Red Hat Security Advisory 2024-5482-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-5481-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-5479-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-5322-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.