195 matches found
Apache Dubbo Code Issue Vulnerability
Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code issue vulnerability exists ...
dotCMS file upload vulnerability
dotCMS is a powerful Java-based content management system (CMS). dotCMS 5.2.3 and earlier versions have a file upload vulnerability. A remote attacker can exploit this vulnerability to execute arbitrary code via /src/main/java/com/dotmarketing/filters/CMSFilter.java...
CloudBees Jenkins Nomad Plugin Information Disclosure Vulnerability
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool developed by CloudBees, Inc. An information disclosure vulnerability exists in CloudBees Jenkins Nomad Plugin 0.7.4 and prior versions. The vulnerability is caused by the program storing unencrypted Docker passwords in the...
Apache Roller Resource Management Error Vulnerability
Apache Roller is a Java-based multi-user open source blogging system from the Apache Foundation. A security vulnerability exists in Apache Roller. An attacker could exploit this vulnerability to cause security issues...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2021-89065)
TeamCity is a Java-based build management and continuous integration server from JetBrains. A cross-site scripting vulnerability exists in versions of JetBrains TeamCity prior to 2020.2.3. An attacker could exploit this vulnerability to insert malicious code...
Modesty Pdf2json resource management error vulnerability
Modesty Pdf2json is a Java-based code library from the individual developer Modesty that allows PDF files to interact with JSON files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::transformDataUnit, which could be used by an attacker to cause a...
Modesty Pdf2json code issue vulnerability
Modesty Pdf2json is a Java-based code library from the individual developer Modesty that allows PDF files to interact with JSON files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::getChar, which could be used by an attacker to cause a...
SQL injection vulnerability in jeewms (CNVD-2021-57222)
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has an SQL injection vulnerability that attackers can use to obtain sensitive database information...
XML Entity Injection Vulnerability in jeewms
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has an XML entity injection vulnerability that an attacker can use to read the server file...
Eclipse Jetty has an arbitrary file download vulnerability
Jetty is a lightweight and highly scalable Java-based web server and servlet engine. Eclipse Jetty has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...
JEEWMS suffers from a file upload vulnerability (CNVD-2021-51493)
JEEWMS is a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. JEEWMS has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
File upload vulnerability in jeewms (CNVD-2021-51414)
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has a file upload vulnerability through which attackers can upload malicious files and control the server...
SQL injection vulnerability in jeewms (CNVD-2021-51413)
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has an SQL injection vulnerability that attackers can use to obtain sensitive database information...
File upload vulnerability in jeewms (CNVD-2021-49574)
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has a file upload vulnerability that attackers can use to obtain server privileges...
File upload vulnerability in jeewms (CNVD-2021-49598)
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has a file upload vulnerability that attackers can use to obtain server privileges...
Apache Dubbo suffers from a deserialization vulnerability
Apache Dubbo is Apache's lightweight Java-based RPC (Remote Procedure Call) framework. Apache Dubbo has a deserialization vulnerability that can be exploited by an attacker to gain control of the server...
jfinal logic flaw vulnerability
JFinal is an open source Java-based web and ORM framework. A processing logic error vulnerability exists in jfinal version 4.9.08 and below, in applications that use redis, and can be exploited by an attacker to potentially cause remote code execution...
SQL Injection Vulnerability in jeewms
jeewms is an open source project led by Linglu Valley Technology: a Java-based warehouse management system that supports self-support and third-party operation, including a PDA side and a web side. jeewms has an SQL injection vulnerability that attackers can use to obtain sensitive database information...
Email Campaign Spreads StrRAT Fake-Ransomware RAT
An email campaign is delivering a Java-based remote access trojan (RAT) that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence (MSI) team has outlined details of a “massive email...
Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware
Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...