Apache Roller Cross-Site Request Forgery Vulnerability (CNVD-2024-47716)
Apache Roller is a Java-based multi-user open source blogging system from the Apache Software Foundation (United States). A cross-site request forgery vulnerability exists in Apache Roller versions prior to 6.1.4, which can be exploited by an attacker to elevate privileges...
Eclipse Jetty URI parsing of invalid authority
Summary: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class performs insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common...
CVE-2024-6763
A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect...
CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class performs insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browser...
Traccar Security Vulnerability
Traccar is a Java-based web application that provides GPS tracking capabilities, from Traccar, Inc. in the United States. The software supports more than 170 GPS protocols and more than 1500 models of GPS tracking devices. Traccar can be used with any major SQL database system. It also provides an...
Exploit for Code Injection in Geoserver
GeoServer Exploit for CVE-2024-36401. Description...
Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub
A new phishing campaign has been observed delivering remote access trojans (RATs) such as VCURMS and STRRAT by means of a malicious Java-based downloader. "The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of...
Fedora: Security Advisory for velocity (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for velocity. Some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders...
JeeWMS Security Vulnerabilities
JeeWMS is an open source Java-based warehouse management system. A security vulnerability exists in JeeWMS v3.7 and earlier versions; it stems from allowing remote attackers to obtain sensitive information through the cgformTemplateController component...
Spring Tips: Spring Boot Testjars
Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...
NS-STEALER Utilizes Discord Bots for Covert Exfiltration of Sensitive Data
Summary: A recently discovered Java-based information stealer, named NS-STEALER, employs a Discord bot channel as an EventListener to exfiltrate sensitive data from compromised hosts. This malware is distributed through ZIP archives that disguise themselves as cracked software. Threat Level - Amb...
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher...
FlyCms Security Vulnerability
FlyCms is an open source application by sunkaifei: a Zhihu-like Q&A social networking site builder developed entirely in Java. A security vulnerability exists in FlyCms, which stems from the presence of cross-site scripting vulnerabilities...
JAVA-based Sophisticated Stealer Using Discord Bot as EventListener
JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener By Gurumoorthi Ramanathan · January 18, 2024 Executive Summary: In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked software zip files using JDABuilder...
JAVA-based Sophisticated Stealer Using Discord Bot as EventListener
JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener By Trellix · January 18, 2024 This blog was written by Gurumoorthi Ramanathan Executive Summary: In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked...
Apache OFBiz Server-Side Request Forgery Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. Apache OFBiz suffers from a server-side request forgery vulnerability that can be exploited by an attacker ...
Apache OFBiz Access Control Error Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. An access control error vulnerability exists in Apache OFBiz versions prior to 18.12.09 that stems from a...
CVE-2023-40167 Jetty accepts "+" prefixed value in Content-Length
Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests...
OpenRefine SQL Injection Vulnerability
OpenRefine is a Java-based open source tool, mainly used for loading, analyzing and cleaning data. OpenRefine suffers from a SQL injection vulnerability. No information about this vulnerability is available at this time; please stay tuned to CNNVD or vendor announcements...
Bolo Code Issue Vulnerability
Bolo is a Java-based "pineapple" blogging system that is simple and easy to deploy, with exquisite themes and attentive service, designed for programmers. A security vulnerability exists in Bolo v2.6, which stems from a file upload issue...