BIT-POSTGRESQL-JDBC-DRIVER-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

CentOS 8 : postgresql-jdbc (CESA-2023:2867)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2867 advisory. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or...

Upgrade Postgres for CVE-2022-41946

h3. Issue Summary The version of Postgresql bundled in Bitbucket is affected by CVE-2022-41946|https://nvd.nist.gov/vuln/detail/CVE-2022-41946 as described below: quote pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...

Information disclosure

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

CVE-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

Information disclosure

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...

ModbusPal 1.6b - XML External Entity Injection

ModbusPal 1.6b - XML External Entity Injection + Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version:...

ModbusPal 1.6b - XML External Entity Injection

Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Tested on: Ubuntu 16.04 with Java 1.8.0151...

Burp Vulners Scanner - Vulnerability scanner based on vulners.com search API

Burp Suite scanner plugin based on Vulners.com vulnerability database API Search fingerprints in HTTP response inspired by plugin "Software Version Reporter" and check found version in vulners.com vulnerability database Experemental Check unique URLs in vulners.com finding exploits for such paths...

Super Android Analyzer

Super Android Analyzer Secure, Unified, Powerful and Extensible Rust Android Analyzer SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search for vulnerabilities. It does this by decompressing APKs and applying a series of rules to...

SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:2953-1)

This update for java-170-openjdk fixes the following issues : - Update to 2.6.8 - OpenJDK 7u121 - Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks bsc1005522 + S8157176: Improved classfile parsing + S8157739,...

file security, bug fix, and enhancement update

5.04-30 - fix CVE-2014-3538 unrestricted regular expression matching 5.04-29 - fix 1284826 - try to read ELF header to detect corrupted one 5.04-28 - fix 1263987 - fix bugs found by coverity in the patch 5.04-27 - fix CVE-2014-3587 incomplete fix for CVE-2012-1571 - fix CVE-2014-3710 out-of-bound...

Lobotomy - Android Reverse Engineering Framework & Toolkit

Lobotomy is an Android security toolkit that will automate different Android assessments and reverse engineering tasks. The goal of the Lobotomy toolkit is to provide a console environment, which would allow a user to load their target Android APK once, then have all the necessary tools without...

Oracle Java 1.7.x Detection

Binary data 8892.prm...

On the use of Adobe 0day – CVE-2 0 1 4-0 5 0 2 attack behavior analysis-vulnerability warning-the black bar safety net

The other day FireEye released a use AdobeFlash new 0day attack report, and Adobe has been based on vulnerabilities released a security update. According to FireEye report, many sites will redirect visitors to the following contain a Trojan the malicious Server: Peterson Institute for...

Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities

Updated java-1.7.0-openjdk packages fix security vulnerabilities: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could...

FreeBSD : Java 1.7 -- security manager bypass (16846d1e-f1de-11e1-8bd8-0022156e8794)

US-CERT reports : Oracle Java Runtime Environment JRE 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions. By leveraging the public, privileged getField function, an untrusted Java applet can escalate its privilege...