Security, Privacy, and Ethical Risks in OpenClaw

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...

EUVD-2012-2654

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-19059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple memory leaks in the iwlpciectxtinfogen3init function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 all...

SUSE CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

CrackerJack - Web GUI for Hashcat

Web Interface for Hashcat by Context Information Security Demo / StartCracking in Under 5 Minutes Introduction CrackerJack is a Web GUI for Hashcat developed in Python. Architecture This project aims to keep the GUI and Hashcat independent. In a nutshell, here's how it works: User uploads hashes,...

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2425-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2420-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

Google Chrome Security Updates (stable-channel-update-for-desktop_22-2019-10) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

KLA11588 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in media can be exploited to arbitrary code execution; 2. Buffer overrun vulnerability in...

Hacking LIFX Smart LED Light bulbs to steal WiFi Passwords

Context Information Security firm has discovered a security vulnerability in LIFX smart LED light bulbs that can be remotely controlled by mobile devices. Researchers at Context Information Security have discovered a security flaw in a WiFi enabled, smart LED light LIFX bulb that can be remotely...

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3524 OpenOffice Calc Command Injection Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 4.1.0 and older on Windows. OpenOffice.org versions may also be affected. Description: The...

Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques!

Congratulations to James Forshaw for coming up with a new exploitation technique to get our first ever $100,000 bounty. A security vulnerability researcher with Context Information Security, James already came in hot with design level bugs he found during the IE11 Preview Bug Bounty, and we’re...

Cisco ISE Guest Portal Cross-Site Scripting Vulnerability

A vulnerability in the guest portal of the Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...

VMSA-2013-0011:VMware ESXi and ESX address an NFC Protocol Unhandled Exception

VMSA-2013-0011 VMware ESXi and ESX address an NFC Protocol Unhandled Exception VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0011 VMware Security Advisory Synopsis: VMware ESXi and ESX address an NFC Protocol Unhandled Exception VMware Security Advisory Issue date:...

Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2156: Apache Santuario XML Security for C++ contains heap overflow while processing InclusiveNamespace PrefixList Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library...

CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability

CVE-2013-2153: Apache Santuario XML Security for C++ contains an XML Signature Bypass issue Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to V1.7.1 Description: The implementation of XML digital signatures...

Debian Security Advisory DSA 2710-1 (xml-security-c - several vulnerabilities)

James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital...

DSA-2710-1 xml-security-c - several

Bulletin has no description...

DEBIAN-CVE-2012-2672

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function...

CVE-2012-2672

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function...