665 matches found

CNNVD
added 2024/02/01 12:00 a.m. · 1 view

Java Code Security Toolkit Path Traversal Vulnerability

The Java Code Security Toolkit is a set of security APIs designed to help secure Java code. A path traversal vulnerability exists in Java Code Security Toolkit 1.1.1 and prior versions, which stems from ZipSecurityisBelowCurrentDirectory being susceptible to a partial path traversal vulnerability...

CVSS 5.4 · AI score 6.6 · EPSS 0.00233
Exploits: 1 · References: 4
Cent OS
added 2024/01/26 6:11 p.m. · 619 views

java security update

CentOS Errata and Security Advisory CESA-2024:0223 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 7.4 · AI score 7.1 · EPSS 0.00319
Exploits: 0 · References: 7
The Hacker News
added 2024/01/22 3:40 a.m. · 57 views

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...

CVSS 10 · AI score 8.2 · EPSS 0.94436
Exploits: 30
OSV
added 2024/01/19 9:30 p.m. · 13 views

GHSA-HJ55-9JMV-9JRJ Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-227w-wv4j-67h4. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class...

CVSS 8.2 · AI score 8 · EPSS 0.00281
Exploits: 1 · References: 7
RedHat Linux
added 2024/01/17 7:19 p.m. · 3 views

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00249
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/17 4:56 p.m. · 40 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...

CVSS 7.4 · AI score 7.1 · EPSS 0.00319
Exploits: 0 · References: 7
RedHat Linux
added 2024/01/17 1:54 p.m. · 5 views

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00249
Exploits: 0 · References: 5
NVD
added 2023/12/25 8:15 a.m. · 11 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

CVSS 9.8 · EPSS 0.78809
Exploits: 1 · References: 2
ATTACKERKB
added 2023/12/25 8:15 a.m. · 0 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

CVSS 9.8 · AI score 7.3 · EPSS 0.78809
Exploits: 1 · References: 3
OSV
added 2023/12/25 8:15 a.m. · 0 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

CVSS 9.8 · AI score 5.8 · EPSS 0.78809
Exploits: 1 · References: 2
Positive Technologies
added 2023/12/25 12:00 a.m. · 1 view

PT-2023-13352 · Rws · Rws Worldserver

Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered in RWS WorldServer where adding a token parameter with the value of 02 bypasses all authentication requirements. This allows arbitrary Java code to be uploaded and...

CVSS 9.8 · AI score 9.4 · EPSS 0.78809
Exploits: 1 · References: 7
Cvelist
added 2023/12/25 12:00 a.m. · 14 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

AI score 9.7 · EPSS 0.78809
Exploits: 1 · References: 2
CVE
added 2023/12/25 12:00 a.m. · 88 views

CVE-2022-34267

Summary: RWS WorldServer before 11.7.3 contains an authentication bypass. By adding a token parameter with value 02, an attacker can bypass all auth requirements and upload/execute arbitrary Java code via a .jar archive at the ws-api/v2/customizations/api endpoint. Impact: unauthenticated code ex...

CVSS 9.8 · AI score 9.4 · EPSS 0.78809
Exploits: 1 · References: 2 · Affected Software: 1
Imperva Blog
added 2023/12/14 1:48 p.m. · 50 views

Imperva Detects Undocumented 8220 Gang Activities

Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...

CVSS 10 · AI score 10 · EPSS 0.94468
Exploits: 537
OSV
added 2023/10/25 5:59 p.m. · 15 views

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

CVSS 9.9 · AI score 8.4 · EPSS 0.03734
Exploits: 1 · References: 5
Positive Technologies
added 2023/10/25 12:00 a.m. · 3 views

PT-2023-26181 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.5-milestone-1 through 14.10.7; XWiki Platform versions 15.3-rc-1 and earlier Description: Triggering the office converter with a specially crafted file name allows writing the attachment's content to an...

CVSS 9.9 · AI score 8.7 · EPSS 0.03734
Exploits: 1 · References: 10
CNNVD
added 2023/10/20 12:00 a.m. · 1 view

radare2 buffer error vulnerability

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 versions prior to 5.9.0, which stems from a heap buffer overflow vulnerability in /radare2/shlr/java/code.c:211:21 in javaprintopcode...

CVSS 8.8 · AI score 7.2 · EPSS 0.00084
Exploits: 1 · References: 3
Github Security Blog
added 2023/09/19 8:35 p.m. · 37 views

Improper Control of Generation of Code ('Code Injection') in jai-ext

Impact Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Patches Version 1.2.22...

CVSS 10 · AI score 9.5 · EPSS 0.9402
Exploits: 1 · References: 5 · Affected Software: 2
OSV
added 2023/09/07 6:15 p.m. · 1 view

CVE-2023-4528

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 Windows, Linux, and MacOS permits an attacker to run arbitrary Java code including OS commands via its management interface...

CVSS 7.2 · AI score 5.9 · EPSS 0.28226
Exploits: 0 · References: 2
Prion
added 2023/09/07 6:15 p.m. · 19 views

Deserialization of untrusted data

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 Windows, Linux, and MacOS permits an attacker to run arbitrary Java code including OS commands via its management interface...

CVSS 5.8 · AI score 7.5 · EPSS 0.28226
Exploits: 0 · References: 2 · Affected Software: 1