java-1.8.0-openjdk-1.8.0.372.b07-6.fc38

FEDORA-2023-cccfdd62d2

Packages in this update:

java-1.8.0-openjdk-1.8.0.372.b07-6.fc38

Update description:

feature complete repack of jdk8 portable

WBCE – Stored XSS

Posted by Andrey Stoykov on Jul 16

# Exploit Title: WBCE – Stored XSS
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.6.1
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

Steps to Exploit:

1. Login to application
2. Browse to following URI “http://host/wbce/admin/pages/intro.php”
3. Paste XSS payload “TEST”><img src=x onerror=alert(1)>”
4. Then browse to settings “Settings->General Settings->Enable…

Re: Citrix Gateway & Cloud MFA – Insufficient Session Validation Vulnerability

Posted by Jens Timmerman on Jul 16

Hi,

I’ve been working with a lot of products that I believe are vulnerable
to a very similar exploit, and I was wondering how one should fix
this/protect against this attack?

I looked at
https://owasp.org/www-community/attacks/Session_hijacking_attack but
the page linking to the related controls doesn’t seem to exist.
