GHSA-8786-WG74-F522 Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior t...
Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse
Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...
What’s New for Developers: January 2022
Hello, and welcome to our very first Developer Community update of 2022. In this new monthly series, we’ll share highlights of what is happening across the Akamai Developer Community. Since this is the first blog we’re posting, we will also catch up on news from October 2021 through today...
CVE-2021-46087
In jfinalcms = 5.1 0, there is a stored XSS vulnerability in the background system of the CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code...
Online Banking System SQL Injection Vulnerability
g33kyrash Online Banking System is an online banking system developed by g33kyrash individual developers using PHP and MySQL. g33kyrash Online Banking System is vulnerable to a SQL injection vulnerability, which stems from the fact that Online Banking System v1.0 was found to contain a SQL...
[SECURITY] Fedora 34 Update: prosody-0.11.12-1.fc34
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
CVE-2022-22752
Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
vuln4japi A vulnerable Java-based REST API for demonstrating C...
MAL-2022-7431 Malicious code in bootstrap-feature (npm)
Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in cxp-jquery (npm)
Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in lib-bb-html-sanitizer (npm)
Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2021-1 Malicious code in cxp-jquery (npm)
Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2021-3 Malicious code in digital-marketing-client (npm)
Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in digital-marketing-client (npm)
Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in dbp-polyfills (npm)
Source: checkmarx 4f59dcb33c6b979c2571b136278d2a4dbb77c122506b74f77ed0bc422fed824a. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2021-2 Malicious code in dbp-polyfills (npm)
Source: checkmarx 4f59dcb33c6b979c2571b136278d2a4dbb77c122506b74f77ed0bc422fed824a. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
DBeaver XML External Entity Injection Vulnerability
DBeaver is a free multi-platform database tool for developers, SQL programmers, database administrators and analysts from the DBeaver team in the U.S. An XML external entity injection vulnerability exists in DBeaver, which stems from a web-based system or product that does not set the correct...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not properly cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
HTTP Request Smuggling in github.com/hyperledger/fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...