Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk.  The

The Hacker News
Open in Source
#vulnerability#web#linux#apache#java#botnet#auth#firefox#The Hacker News
Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. "Upon installation, this code would execute automatically,

AMPLE BILLS 1.0 Cross Site Scripting

AMPLE BILLS version 1.0 suffers from a cross site scripting vulnerability.

Aero CMS 0.0.1 Cross Site Request Forgery

Aero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.

SchoolPlus LMS 1.0 SQL Injection

SchoolPlus LMS version 1.0 suffers from a remote SQL injection vulnerability.

AccPack Cop 1.0 SQL Injection

AccPack Cop version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

AccPack Buzz 1.0 Arbitrary File Upload

AccPack Buzz version 1.0 suffers from an arbitrary file upload vulnerability.

GHSA-cf56-g6w6-pqq2: Twisted vulnerable to HTML injection in HTTP redirect body

### Summary The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. ### Details Twisted’s `redirectTo` function generates an `HTTP 302 Redirect` response. The response contains an HTML body, built for exceptional cases where the browser doesn’t properly handle the redirect, allowing the user to click a link, navigating them to the specified destination. The function reflects the destination URL in the HTML body without any output encoding. ```python # https://github.com/twisted/twisted/blob/trunk/src/twisted/web/_template_util.py#L88 def redirectTo(URL: bytes, request: IRequest) -> bytes: # ---snip--- content = b""" <html> <head> <meta http-equiv=\"refresh\" content=\"0;URL=%(url)s\"> </head> <body bgcolor=\"#FFFFFF\" text=\"#000000\"> <a href=\"%(url)...