#java

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an

3 months ago

The Hacker News

Open in Source

#web #mac #windows #google #linux #nodejs #git #java #backdoor #chrome #The Hacker News

Chuksrio LMS 2.9 Insecure Direct Object Reference

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

3 months ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

GHSA-h9mq-f6q5-6c8m: GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

3 months ago

ghsa

Open in Source

#vulnerability #web #dos #git #java #perl #maven

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the

3 months ago

The Hacker News

Open in Source

#vulnerability #microsoft #git #java #intel #The Hacker News

GHSA-cf56-g6w6-pqq2: Twisted vulnerable to HTML injection in HTTP redirect body

### Summary The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. ### Details Twisted’s `redirectTo` function generates an `HTTP 302 Redirect` response. The response contains an HTML body, built for exceptional cases where the browser doesn’t properly handle the redirect, allowing the user to click a link, navigating them to the specified destination. The function reflects the destination URL in the HTML body without any output encoding. ```python # https://github.com/twisted/twisted/blob/trunk/src/twisted/web/_template_util.py#L88 def redirectTo(URL: bytes, request: IRequest) -> bytes: # ---snip--- content = b""" <html> <head> <meta http-equiv=\"refresh\" content=\"0;URL=%(url)s\"> </head> <body bgcolor=\"#FFFFFF\" text=\"#000000\"> <a href=\"%(url)...

3 months ago

ghsa

Open in Source

#xss #vulnerability #web #git #java #perl #auth #firefox

QuickJob 6.1 Insecure Settings

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

3 months ago

Packet Storm

Open in Source