Lucene search

113 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-1083

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.06717
Exploits 1 | References 39

Tenable Nessus
added 2025/08/24 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-10181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature...

CVSS 8.1 | AI score 6.9 | EPSS 0.01119
Exploits 0 | References 2

CNNVD
added 2025/04/25 12:0 a.m. | 4 views

NetScout nGeniusONE Security Vulnerability

NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A security vulnerability exists in NetScout nGeniusONE versions prior to 6.4.0 b2350, which stems from the presence of hard-coded credentials in a JAR file...

CVSS 9.8 | AI score 6.6 | EPSS 0.00389
Exploits 0 | References 3

CNNVD
added 2025/03/31 12:0 a.m. | 3 views

Apple macOS Security Vulnerability

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia that stems from a malicious JAR file that could bypass Gatekeeper checks...

CVSS 5.5 | AI score 6.2 | EPSS 0.00167
Exploits 0 | References 1

RedHat Linux
added 2025/03/05 11:27 a.m. | 2 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

CVSS 7.3 | AI score 6.7 | EPSS 0.0039
Exploits 0 | References 7

The Hacker News
added 2024/05/20 5:47 a.m. | 15 views

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

AI score 8.2
Exploits 0

OpenVAS
added 2024/03/08 12:0 a.m. | 12 views

Fedora: Security Advisory for maven-jar-plugin (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits 3 | References 2

Fedora
added 2024/03/07 10:33 p.m. | 24 views

[SECURITY] Fedora 40 Update: maven-jar-plugin-3.3.0-6.fc40

Builds a Java Archive JAR file from the compiled project classes and resources...

CVSS 8.8 | AI score 6.9 | EPSS 0.02557
Exploits 3

CNNVD
added 2024/02/06 12:0 a.m. | 7 views

JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a path traversal...

CVSS 5.3 | AI score 7 | EPSS 0.31977
Exploits 0 | References 2

GithubExploit
added 2023/11/21 3:45 p.m. | 537 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228 minecraft demo This demo is used at...

CVSS 10 | AI score 9.1 | EPSS 0.99999
Exploits 346

Positive Technologies
added 2023/08/08 12:0 a.m. | 3 views

PT-2023-26962 · Inductive Automation · Inductive Automation Ignition

Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the...

CVSS 8.8 | AI score 7.3 | EPSS 0.00544
Exploits 0 | References 5

CNNVD
added 2023/05/01 12:0 a.m. | 2 views

Apache StreamPark Code Issue Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from a code issue vulnerability that stems from allowing any user to upload a jar as an application, but not forcing validation of the uploaded file type, leading to the...

CVSS 9.8 | AI score 8.6 | EPSS 0.01308
Exploits 0 | References 2

F5 Networks
added 2023/02/21 8:0 p.m. | 27 views

K60565503: OpenJDK vulnerability CVE-2005-1080

Security Advisory Description: Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. CVE-2005-1080. Impact: There is no impact; F5...

CVSS 5 | AI score 8.8 | EPSS 0.06717
Exploits 1

SUSE CVE
added 2023/02/15 6:6 a.m. | 2 views

SUSE CVE-2008-5343

Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF an...

CVSS 9 | AI score 6.8 | EPSS 0.05093
Exploits 1 | References 8

SUSE CVE
added 2023/02/15 6:6 a.m. | 3 views

SUSE CVE-2008-5360

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

CVSS 6.4 | AI score 7 | EPSS 0.03478
Exploits 1 | References 10

The Hacker News
added 2023/01/13 11:26 a.m. | 2 views

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar

Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive JAR files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security...

AI score 6.4
Exploits 0

OSV
added 2022/12/22 11:15 a.m. | 2 views

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files...

CVSS 7.5 | AI score 5.8 | EPSS 0.0021
Exploits 0 | References 1

Positive Technologies
added 2022/12/22 12:0 a.m. | 4 views

PT-2022-7094 · Jetbrains · Intellij Idea

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3.1. Description: The issue is related to the "Validate JSP File" action in IntelliJ IDEA, which used the HTTP protocol to download required JAR files. This allows a remote attacker to download...

CVSS 8.5 | AI score 7.5 | EPSS 0.0021
Exploits 0 | References 5

GithubExploit
added 2021/12/14 10:4 a.m. | 68 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-finder A Python3 script to scan the filesystem to find...

CVSS 10 | AI score 6.9 | EPSS 0.99999
Exploits 350

Tenable Nessus
added 2021/12/10 12:0 a.m. | 228 views

Apache Log4j JAR Detection (Windows)

Binary data apachelog4jwininstalled.nbin...

AI score 7.3
Exploits 0 | References 1