Security
Headlines
HeadlinesLatestCVEs

Tag

#java

Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!

An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at

The Hacker News
Open in Source
#web#google#js#git#java#intel#auth#The Hacker News
GHSA-j5c3-r84f-9596: Arbitrary File Read in Admin JS CSS files

### Impact It was observed that the `/admin/misc/script-proxy` API endpoint accessible by an authenticated administrator user and is vulnerable arbitrary JavaScript, CSS file read via the "scriptPath" and "scripts" parameters. The "scriptPath" parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of "../" patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/1d128404eddf4beb560d434437347da7aea059eb.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/1d128404eddf4beb560d434437347da7aea059eb.patch manually. ### Referenc...

Red Hat Security Advisory 2023-2041-01

Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.

CVE-2023-30852

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.

GHSA-fq95-rx4q-qgg2: Cross-site Scripting (XSS) in Admin Login too many attempts notice

### Impact Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user. Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11.patch manually. ### References https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d/

CVE-2023-30349: jfinal CMS v5.1.0 has a command execution vulnerability exists · Issue #54 · jflyfox/jfinal_cms

JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.

CVE-2023-24966: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.

Magecart threat actor rolls out convincing modal forms

Categories: Threat Intelligence Tags: magecart Tags: skimmer Tags: modal Tags: fraud Tags: e-commerce It's hard to put individuals at fault when the malicious copy is better than the original. This credit card skimmer was built to fool just about anyone. (Read more...) The post Magecart threat actor rolls out convincing modal forms appeared first on Malwarebytes Labs.

Fileless attacks: How attackers evade traditional AV and how to stop them

Categories: Business Find threats camouflaging themselves in RAM. (Read more...) The post Fileless attacks: How attackers evade traditional AV and how to stop them appeared first on Malwarebytes Labs.

ChatGPT writes insecure code

Categories: News Tags: ChatGPT Tags: How Secure is Code Generated by ChatGPT? Tags: Raphaël Khoury Tags: Anderson Avila Tags: Jacob Brunelle Tags: Baba Mamadou Camara Tags: Université du Québec Tags: ChatGPT makes insecure code Researchers have found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. (Read more...) The post ChatGPT writes insecure code appeared first on Malwarebytes Labs.