#google

### Summary An arbitrary file read vulnerability allows any unauthenticated user to read the file on the server._ ### Details Hi,Team, i find openrefine support to import data from database,When use mysql jdbc to connect to database,It is vulnerable to jdbc url attacks,for example,unauthenticated attacker can read the file on the server. There are some differences in utilization depending on the version of the mysql-connector dependency on the server side. 1. mysql-connector-java version > 8.14 The default value of `allowLoadLocalInfile` on the server side is false in this case.We need to manually set this value to true in the connection string. Since the way to get the databaseurl in `com/google/refine/extension/database/mysql/MySQLConnectionManager.java` is to splice the individual configurations directly, we can set the `allowLoadLocalInfile` parameter after the other parameters(for example the `databaseName` parameter ). ![image](https://user-images.githubusercontent.com/24...

SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: CVE-2023-4863 Tags: WebP Tags: buffer overflow Tags: 116.0.5845.187/.188 Chrome users are being urged to patch a critical vulnerability for which an exploit is available. (Read more...) The post Update Chrome now! Google patches critical vulnerability being exploited in the wild appeared first on Malwarebytes Labs.

The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.