Lucene search

195 matches found

CNVD
added 2019/03/08 12:0 a.m. | 2 views

File Upload Vulnerability in OFCMS Backend

OFCMS is a content management system built on Java technology. A file upload vulnerability exists in the OFCMS backend, which can be exploited by an attacker to upload arbitrary files...

7.1 AI score
Exploits: 0

The Hacker News
added 2019/01/07 9:37 a.m. | 3 views

NSA to release its GHIDRA reverse engineering tool for free

The United States' National Security Agency (NSA) is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco. The existence of the framework, dubbed GHIDRA, was first publicly revealed by...

7 AI score
Exploits: 0

The Hacker News
added 2019/01/07 9:37 a.m. | 544 views

NSA to release its GHIDRA reverse engineering tool for free

The United States' National Security Agency (NSA) is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco. The existence of the framework, dubbed GHIDRA, was first publicly revealed by...

7.3 AI score
Exploits: 0

UbuntuCve
added 2018/12/20 3:29 p.m. | 17 views

CVE-2018-1000838

autopsy version = 4.9.0 contains an XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted CaseMetadata...

10 CVSS | 7.2 AI score | 0.00262 EPSS
Exploits: 0 | References: 3

CNVD
added 2018/09/20 12:0 a.m. | 1 views

nmap4j Arbitrary Command Execution Vulnerability

nmap4j is an Nmap scanner written in the Java language, which is mainly used to execute, scan and persist Nmap output information. A security vulnerability exists in nmap4j version 1.1.0. An attacker can exploit the vulnerability to execute arbitrary commands with the help of shell metacharacters...

9.8 CVSS | 9.8 AI score | 0.02046 EPSS
Exploits: 1 | References: 1

0day.today
added 2018/08/12 12:0 a.m. | 25 views

Dicoogle PACS 2.5.0 Web Server Directory Traversal Exploit

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful...

0.3 AI score
Exploits: 0

Metasploit
added 2018/07/22 1:31 a.m. | 6 views

Dicoogle PACS Web Server Directory Traversal

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful...

0.3 AI score
Exploits: 0

CNVD
added 2018/05/14 12:0 a.m. | 2 views

ruibaby Halo Cross-Site Scripting Vulnerability

ruibaby Halo is a Java-based blogging system. A cross-site scripting vulnerability exists in ruibaby Halo version 0.0.2. A remote attacker can inject arbitrary web script or HTML by sending the commentAuthor field to the FrontCommentController.java file...

6.1 CVSS | 5.9 AI score | 0.00223 EPSS
Exploits: 1 | References: 1

The Hacker News
added 2018/04/06 7:58 a.m. | 737 views

Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now

Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an...

9.8 CVSS | 9.5 AI score | 0.90996 EPSS
Exploits: 6

0day.today
added 2018/01/18 12:0 a.m. | 39 views

Oracle JDeveloper IDE Directory Traversal Vulnerability

Exploit for java platform in category web applications. Credits: John Page aka hyp3rlinx. Vendor: www.oracle.com. Product: JDeveloper IDE. Oracle JDeveloper is a free integrated development environment that simplifies the development of Java-based applications addressing...

3.7 CVSS | 5.2 AI score | 0.00142 EPSS
Exploits: 4

n0where
added 2018/01/12 4:59 p.m. | 16 views

NSE Nmap Script Development IDE: Halcyon

Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is free and open source project always...

7.1 AI score
Exploits: 0 | References: 1

CNVD
added 2017/07/18 12:0 a.m. | 2 views

LogicalDoc Community Edition XXE Vulnerability

LogicalDoc CommunityEdition is a document management system developed using Java technology. The system has Lucene full-text search index and automatic import and other functions. An XML injection vulnerability exists in LogicalDoc CommunityEdition 7.5.3 and earlier versions. No details of the...

8.8 CVSS | 8.9 AI score | 0.00694 EPSS
Exploits: 1 | References: 1

ThreatPost
added 2017/04/17 3:13 p.m. | 15 views

Wave of Java-Based RATs Target Tax Filers

Spammers are spreading Java-based remote access Trojans, known as jRATs, targeting tax filers with attachments named “IRS Updates.jar” and “ImportantPDF.jar” that, if executed, give attackers access to compromised endpoints. Zscaler, which is tracking the jRATs, believes some of the campaigns cou...

1.2 AI score
Exploits: 0 | References: 7

Kitploit
added 2017/02/21 1:58 p.m. | 19 views

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development. This research idea originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts (NSE) was the lack of a development environment that give...

7.2 AI score
Exploits: 0 | References: 1

Packet Storm
added 2015/12/08 12:0 a.m. | 34 views

dotCMS 3.2.4 CSRF / XSS / Open Redirect

dotCMS 3.2.4 Multiple Vulnerabilities Vendor: dotCMS Software, LLC Product web page: http://www.dotcms.com Affected version: 3.2.4 Enterprise Summary: DotCMS is the next generation of Content Management System CMS. Quick to deploy, open source, Java-based, open APIs, extensible and massively...

7.4 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Ametys CMS 3.5.2 - (lang parameter) XPath Injection Vulnerability

No description provided by source. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open sour...

7.1 AI score
Exploits: 0

Kitploit
added 2014/06/02 6:29 p.m. | 76 views

Bradamsa - Burp Suite extension to generate Intruder payloads using Radamsa

Bradamsa is a Burp Suite extension for Radamsa, a well-known fuzzer made by the Oulu University Secure Programming Group. Inspired by burp-radamsa, this plugin allows to generate Intruder payloads using Radamsa. Features Java-based plugin using native Burp Suite extension APIs Intruder payloads...

7.2 AI score
Exploits: 0 | References: 2

NVD
added 2014/03/19 1:15 a.m. | 9 views

CVE-2014-2121

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643...

5 CVSS | 6.7 AI score | 0.00756 EPSS
Exploits: 1 | References: 3

Prion
added 2014/03/19 1:15 a.m. | 30 views

Design/Logic Flaw

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643...

5 CVSS | 7.2 AI score | 0.00756 EPSS
Exploits: 1 | References: 3