508 matches found

CVE
added 2023/10/06 1:52 p.m. · 170 views

CVE-2023-42445

CVE-2023-42445 affects Gradle: XML External Entity (XXE) resolution was not disabled in some parsing paths, enabling potential exfiltration of local text files via XML parsing with an OOB-XXE scenario. Documents confirm Gradle now disables XML external entities for all use cases in Gradle 7.6.3 a...

CVSS 6.8 · AI score 6 · EPSS 0.00669
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/10/06 1:52 p.m. · 24 views

CVE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 · AI score 6.3 · EPSS 0.00669
Exploits 0 · References 6
AlpineLinux
added 2023/10/05 6:15 p.m. · 27 views

CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 · AI score 6.8 · EPSS 0.0021
Exploits 0
Debian CVE
added 2023/10/05 5:51 p.m. · 31 views

CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 · AI score 5.2 · EPSS 0.0021
Exploits 0
Imperva Blog
added 2023/08/07 12:57 p.m. · 13 views

Behind the Scenes of a Tailor-Made Massive Phishing Campaign

A global phishing campaign caught our attention after one of our colleagues was targeted by, and nearly fell victim to, a social engineering attack. The campaign involved more than 800 different scam domains and impersonated around 340 legitimate companies all over the world – including well-know...

AI score 6.5
Exploits 0
AlpineLinux
added 2023/06/30 9:15 p.m. · 18 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 8.1 · AI score 6.7 · EPSS 0.00492
Exploits 0
NVD
added 2023/06/30 9:15 p.m. · 29 views

CVE-2023-35946

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...

CVSS 6.9 · AI score 6.6 · EPSS 0.00291
Exploits 0 · References 5
NVD
added 2023/06/30 9:15 p.m. · 20 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 8.1 · AI score 7.4 · EPSS 0.00492
Exploits 0 · References 4
CVE
added 2023/06/30 8:21 p.m. · 72 views

CVE-2023-35946

CVE-2023-35946 is a path-traversal vulnerability in Gradle’s dependency caching. When Gradle writes a dependency into the cache, it uses the dependency coordinates to determine the file path; crafted coordinates can cause writes outside the cache or overwrite other files in the cache. This can en...

CVSS 6.9 · AI score 5.7 · EPSS 0.00291
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2023/06/30 8:21 p.m. · 33 views

CVE-2023-35946 Dependency cache path traversal in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...

CVSS 6.9 · AI score 6.8 · EPSS 0.00291
Exploits 0 · References 5
CVE
added 2023/06/30 8:18 p.m. · 70 views

CVE-2023-35947

CVE-2023-35947 affects Gradle, a build tool. The vulnerability arises when unpacking Tar archives: Gradle did not prevent path traversal, allowing potential writes outside the unpack directory and, in reads from a Tar entry, possible disclosure of sensitive files. This is commonly referred to as ...

CVSS 8.1 · AI score 7.3 · EPSS 0.00492
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/06/30 8:18 p.m. · 26 views

CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 6.9 · AI score 8.2 · EPSS 0.00492
Exploits 0 · References 4
CNVD
added 2023/05/17 12:00 a.m. · 18 views

Apache OpenMeetings Information Disclosure Vulnerability

Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio and video and allows users to view each participant's desktop, among other features. A security vulnerability exists in Apache OpenMeetings versions 2.0.0 throu...

CVSS 5.3 · AI score 6.4 · EPSS 0.01204
Exploits 0 · References 1
CVE
added 2023/05/07 3:00 p.m. · 44 views

CVE-2023-2565

Summary of CVE-2023-2565: A cross-site scripting vulnerability exists in SourceCodester Multi Language Hotel Management Software 1.0, specifically in the file ajax.php of the POST Parameter Handler. The vulnerability is triggered by manipulating the complaint_type parameter (e.g., using ), enabl...

CVSS 6.1 · AI score 4.9 · EPSS 0.00549
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/03/02 4:15 a.m. · 23 views

Code injection

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVSS 7.5 · AI score 9.1 · EPSS 0.00994
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2023/03/02 3:11 a.m. · 28 views

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVSS 9.8 · AI score 7.8 · EPSS 0.00994
Exploits 0
CVE
added 2023/03/02 3:11 a.m. · 92 views

CVE-2023-26053

CVE-2023-26053 affects Gradle, where dependency verification can be bypassed via a collision attack using long IDs for PGP keys in trusted-key/pgp metadata. The vulnerability arises from accepting non-fingerprint IDs and is mitigated by making verification fail when anything but a full fingerprin...

CVSS 9.8 · AI score 7.7 · EPSS 0.00994
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/03/02 3:11 a.m. · 28 views

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVSS 6.6 · AI score 7.7 · EPSS 0.00994
Exploits 0 · References 5
Fedora
added 2023/02/17 6:20 p.m. · 13 views

[SECURITY] Fedora 37 Update: phpMyAdmin-5.2.1-1.fc37

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and i...

AI score 8
Exploits 0
CNVD
added 2022/12/10 12:00 a.m. · 93 views

ThinkPHP Command Execution Vulnerability (CNVD-2022-86535)

ThinkPHP is an open source lightweight PHP framework created to simplify enterprise-level application development and agile web application development. ThinkPHP has a command execution vulnerability. The vulnerability is due to the multi-language function being enabled; the parameter lan...

AI score 7.7
Exploits 0 · References 1