
196 matches found

The Hacker News
added 2021/05/21 8:46 a.m. | 32 views

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...

AI score: 1.4
Exploits: 0
CNVD
added 2021/05/13 12:0 a.m. | 7 views

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2021-34738)

TeamCity is a Java-based build management and continuous integration server from JetBrains. A stored cross-site scripting vulnerability exists in the test page of JetBrains TeamCity versions prior to 2020.2.2. No detailed vulnerability details are available at this time...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00465
Exploits: 0 | References: 1
CNVD
added 2021/05/13 12:0 a.m. | 15 views

JetBrains TeamCity Parameter Injection Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. A parameter injection vulnerability exists in JetBrains TeamCity versions prior to 2020.2.3. An attacker can exploit this vulnerability to achieve remote code execution...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.03207
Exploits: 0 | References: 1
CNVD
added 2021/04/06 12:0 a.m. | 8 views

Magnolia Cross-Site Scripting Vulnerability

Magnolia is a Java-based open source content management system (CMS). A reflected cross-site scripting vulnerability exists in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter in Magnolia versions 6.1.3 - 6.2.3. No detailed vulnerability details are available at this time...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.0111
Exploits: 1 | References: 1
CNVD
added 2021/04/06 12:0 a.m. | 7 views

Magnolia cross-site scripting vulnerability (CNVD-2021-26171)

Magnolia is a Java-based open source content management system (CMS). A stored cross-site scripting vulnerability exists in the setText parameter of /magnoliaAuthor/.magnolia/ in Magnolia versions 6.1.3 - 6.2.3. No details of the vulnerability are provided at this time...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00878
Exploits: 1 | References: 1
CNVD
added 2021/04/02 12:0 a.m. | 15 views

Eclipse Jetty Denial of Service Vulnerability (CNVD-2021-25683)

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty 7.2.2 through 9.4.38, 10.0.0.alpha0 through 10.0.1, and 11.0.0.alpha0 through 11.0.1, which stems from abnormal processing after receivin...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.53861
Exploits: 1 | References: 1
CNVD
added 2021/03/31 12:0 a.m. | 9 views

CloudBees Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A cross-site scripting...

CVSS: 5.4 | AI score: 6 | EPSS: 0.08759
Exploits: 0 | References: 1
CNVD
added 2021/03/26 12:0 a.m. | 4 views

Command Execution Vulnerability in jeewms

jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system with self- and third-party support, including a PDA side and a web side. jeewms has a command execution vulnerability. Attackers can use this vulnerability to obtain server privileges...

AI score: 7.3
Exploits: 0
Tenable Nessus
added 2021/03/19 12:0 a.m. | 32 views

Debian DLA-2595-1 : velocity security update

It was discovered that there was a potential arbitrary code execution vulnerability in velocity, a Java-based template engine for writing web applications. It could be exploited by applications which allowed untrusted users to upload/modify templates. For Debian 9 'Stretch', this problem has been...

CVSS: 9 | AI score: 7.1 | EPSS: 0.22709
Exploits: 0 | References: 4
OpenVAS
added 2021/03/18 12:0 a.m. | 22 views

Debian: Security Advisory (DLA-2595-1)

The remote host is missing an update for the Debian...

CVSS: 9 | AI score: 9.1 | EPSS: 0.22709
Exploits: 0 | References: 3
Debian
added 2021/03/17 12:25 p.m. | 58 views

[SECURITY] [DLA 2595-1] velocity security update

Debian LTS Advisory DLA-2595-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 17, 2021 https://wiki.debian.org/LTS ...

CVSS: 9 | AI score: 8.9 | EPSS: 0.22709
Exploits: 0
NVD
added 2021/02/11 7:15 p.m. | 21 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 9.8 | EPSS: 0.89189
Exploits: 5 | References: 7
OSV
added 2021/02/11 7:15 p.m. | 44 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 9.8 | AI score: 7
Exploits: 0 | References: 7
Prion
added 2021/02/11 7:15 p.m. | 29 views

Code injection

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.89189
Exploits: 5 | References: 7 | Affected Software: 1
Cvelist
added 2021/02/11 6:20 p.m. | 29 views

CVE-2021-21307 Remote Code Exploit in Lucee Admin

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 8.6 | AI score: 9.6 | EPSS: 0.89189
Exploits: 5 | References: 7
ATTACKERKB
added 2021/02/11 12:0 a.m. | 101 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 9.8 | AI score: 9 | EPSS: 0.89189
In wild | Exploits: 5 | References: 8
CNVD
added 2021/02/05 12:0 a.m. | 10 views

Eclipse Californium Denial of Service Vulnerability

Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides CoAP back-end support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions 2.3.0 through 2.6.0, which stems from DTLS server-side persistence of incorrect internal state...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00851
Exploits: 0 | References: 1
CNVD
added 2021/02/04 12:0 a.m. | 14 views

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2021-09318)

TeamCity is a Java-based build management and continuous integration server from JetBrains. A reflected cross-site scripting vulnerability exists in JetBrains TeamCity versions prior to 2020.2. No detailed vulnerability details are provided at this time...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0064
Exploits: 0 | References: 1
CNVD
added 2021/02/03 12:0 a.m. | 7 views

Theonedev OneDev Injection Vulnerability (CNVD-2021-09799)

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. OneDev version before 4.0.3 has a...

CVSS: 9.6 | AI score: 7 | EPSS: 0.01451
Exploits: 0 | References: 1
CNVD
added 2021/01/25 12:0 a.m. | 6 views

Theonedev Onedev Injection Vulnerability (CNVD-2021-06530)

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. OneDev versions prior to 4.0.3 hav...

CVSS: 9.6 | AI score: 7.1 | EPSS: 0.02932
Exploits: 0 | References: 1