#java

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue.

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.

### Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. `httparty/lib/httparty/request` > `body.rb` > `def generate_multipart` https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43 By exploiting this problem, the following attacks are possible * An attack that rewrites the "name" field according to the crafted file name, impersonating (overwriting) another field. * Attacks that rewrite the filename extension at the time multipart/form-data is generated by tampering with the filename For example, this vulnerability can be exploited to generate the following Content-Disposition. > Normal Request example: > normal input filename: `abc.txt` > > generated normal header in multipart/form-data > `Content-Disposition: form-data; name="avatar"; filename="abc.txt"` > Malicious Request example > malicious input filename: `overwrite_name_f...

Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday. The intrusions, observed against

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfiltered_html capability is disabled.

A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192.

Red Hat Security Advisory 2023-0005-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

Red Hat Security Advisory 2023-0004-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

Debian Linux Security Advisory 5307-1 - ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client.