#web

Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise…

Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.

A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. ### Impact Cross-site scripting (XSS) vulnerability in the management console. ### Patches Fixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11) ### Workarounds No workaround available

Cybercriminals aren’t always loud and obvious. Sometimes, they play it quiet and smart. One of the tricks of…

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web.

### Summary It seems that when running **goshs** without arguments it is possible for anyone to execute commands on the server. This was tested on version **1.0.4** of **goshs**. The command function was introduced in version **0.3.4**. ### Details It seems that the function ```dispatchReadPump``` does not checks the option cli ```-c```, thus allowing anyone to execute arbitrary command through the use of websockets. ### PoC Used **websocat** for the POC: ```bash echo -e '{"type": "command", "content": "id"}' |./websocat 'ws://192.168.1.11:8000/?ws' -t ``` ### Impact The vulnerability will only impacts goshs server on vulnerable versions.

### Summary Due to a validation error in `got.scpaping`, it is possible to use an HTTP redirect to avoid IP filtering. ### Details In `got.scpaping`, Summaly first makes a HTTP `HEAD` request to the page being summarized. It then preforms private IP address checks on the `HEAD` response, then makes an additional HTTP `GET` request to the page being summarized. Unfortunately, since private IP address checks aren't performed on the `GET` response, the `GET` response can issue a HTTP redirect to a private IP address, which will succeed, regardless of if private IP addresses are allowed by Summaly. ### PoC With a simple Caddy webserver, you can get Summaly to summarize a page hosted via a local IP address: ```caddy @summaly-bypass-head { method HEAD path /summaly-bypass } @summaly-bypass-get { method GET path /summaly-bypass } header @summaly-bypass-head Content-Type "text/html" respond @summaly-bypass-head 200 redir @summaly-bypass-get http://127.0.0.1:3080/ ``` ### Imp...

Disney was hit by two major 2024 cyberattacks, an ex-employee’s sabotage and a hacker’s AI trap, exposing internal…

## Impact: A security issue has been found in `terraform-provider-windns` before version `1.0.5`. The `windns_record` resource did not santize the input variables. This can lead to authenticated command injection in the underlyding powershell command prompt. ## Patches: [`83ef736 (fix: better input validation)`](https://github.com/nrkno/terraform-provider-windns/commit/c76f69610c1b502f90aaed8c4f102194530b5bce) ## Fixed versions: - `v1.0.5`

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be executed. The exploit is only applicable if the client code of parquet-avro uses the "specific" or the "reflect" models deliberately for reading Parquet files. ("generic" model is not impacted) Users are recommended to upgrade to 1.15.2 or set the system property "org.apache.parquet.avro.SERIALIZABLE_PACKAGES" to an empty string on 1.15.1. Both are sufficient to fix the issue.