Theonedev Onedev Code Issue Vulnerability
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev A security vulnerability...
Theonedev Onedev Security Breach
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. OneDev before version 4.0.3 has a...
It’s Not the Trump Sex Tape, It’s a RAT
As outgoing President Donald Trump continues to dominate headlines, cybercriminals have decided to horn in on the much-gossiped-about — and yet to materialize — Trump sex tape as a lure for malware delivery. A campaign has been uncovered that labels a malware downloader with the filename...
Eclipse Che Cross-Site Request Forgery Vulnerability (CNVD-2021-14164)
Eclipse Che is the Eclipse Foundation's Java-based open source online integrated development environment (IDE). A cross-site request forgery vulnerability exists in Eclipse Che versions prior to 7.14.0. No detailed vulnerability details are provided at this time...
Arbitrary File Deletion Vulnerability in ZrLog CMS
ZrLog is a blogging program developed using Java. ZrLog CMS suffers from an arbitrary file deletion vulnerability that can be exploited by an attacker to compromise the integrity of the system...
Unauthorized Arbitrary File Read Vulnerability in jeewms
jeewms is a Java-based warehouse management system. jeewms has an unauthorized arbitrary file read vulnerability that can be exploited by an attacker to read any file on the server without authorization...
USN-4495-1: Apache Log4j vulnerability
It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. CVE-2019-17571...
ManageEngine Desktop Central < 10 Build 10.0.533 Integer Overflow
The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.533. It is, therefore, affected by an integer overflow condition due to improper handling of header values. An unauthenticated, remote attacker can exploit this, by sending specially crafted...
CloudBees Jenkins Zephyr for JIRA Test Management Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Zephyr for JIRA Test Management Plugin is used...
CloudBees Jenkins Slack Upload Plugin Information Disclosure Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Slack Upload Plugin is used in one of the...
PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans...
ManageEngine Desktop Central < 10 Build 10.0.515 Information Disclosure
The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.515. It is, therefore, affected by an information disclosure vulnerability in the PDFGenerationServlet component due to improper access controls. An unauthenticated, remote attacker can explo...
Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates...
File upload vulnerability in jpress
JPress is a product developed in Java, similar to WordPress. Incorporating the Microsoft ecosystem, JPress has a file upload vulnerability that can be exploited by attackers to gain access to the web server...
HtmlUnit Code Execution Vulnerability
HtmlUnit is a Java-based library. A code execution vulnerability exists in HtmlUnit that can be exploited by an attacker to execute arbitrary Java code...
[SECURITY] Fedora 30 Update: jss-4.6.2-1.fc30
Java Security Services (JSS) is a Java Native Interface library which provides a bridge for Java-based applications to use native Network Security Services (NSS). This only works with gcj. Other JREs require that JCE providers be signed...
CloudBees Jenkins path traversal vulnerability (CNVD-2019-23290)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. LTS is a long-term support for...
XSS Vulnerability at JEESNS Groups
JEESNS is an open source social management system developed on the Java enterprise platform. An XSS vulnerability exists in JEESNS groups that can be exploited by an attacker to inject arbitrary web script or HTML...
KonaKart Remote Code Execution Vulnerability
KonaKart is a Java-based shopping cart software solution for online retailers. A remote code execution vulnerability exists in KonaKart version 8.9.0.0. An attacker could exploit the vulnerability to execute code...
NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool
Update 4/4/2019 — Great news. NSA today finally released the complete source code for GHIDRA version 9.0.2, which is now available on its GitHub repository. GHIDRA is the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade t...