#java

Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application.

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.