Security
Headlines
HeadlinesLatestCVEs

Tag

#java

9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

TALOS
Open in Source
#xss#vulnerability#web#mac#cisco#dos#java#intel#rce#buffer_overflow#auth
Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

By Waqas ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks. This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

15 Best SaaS SEO Experts That Will Help You Dominate Online

By Owais Sultan Looking for a SaaS SEO consultant? We’ve rounded up the top 15 SaaS SEO experts you need to… This is a post from HackRead.com Read the original post: 15 Best SaaS SEO Experts That Will Help You Dominate Online

Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover up

GHSA-fgjj-5jmr-gh83: Fides JavaScript Injection Vulnerability in Privacy Center URL

### Impact The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to not be validated. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. ### Patches The vulnerability has been patched in Fides version `2.22.1`. Users are advised to upgrade to this version or later to secure their systems against this threat. ### Workarounds There are no workarounds.

GHSA-h9mw-grgx-2fhf: sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)

### Impact Given specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. The follow is an example of a malicious entry: ``` +2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys ``` This would have a potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks - https://github.com/search?q=IO.unzip+language%3AScala&type=code&l=Scala&p=1 ### Patches The problem has been patched in https://github.com/sbt/io/pull/360 sbt 1.9.7 is available with the fix. ### Workarounds A workaround might be use some other library to unzip. ### References - https://github.com/snyk/zip-slip-vulnerability - https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680 - https://github.com/sbt/io/issues/358

GHSA-mm8h-8587-p46h: RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack

### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = "A"; for(int i=0;i<28;++i){ s = s + s; System.o...

CVE-2023-43358: GitHub - sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.