
27 matches found

Packet Storm News
added 2026/05/21 12:00 a.m. | 7 views

Human Vulnerability Assessment in Cybersecurity: A Systematic Literature Review of Methods, Models, and Instruments

In cybersecurity, vulnerability assessment has typically focused on identifying and measuring vulnerabilities within digital assets and technical infrastructures. However, there is growing recognition that this approach alone is inadequate without a structured examination of the human factor, whi...

5.8 AI score
Exploits 0

GithubExploit
added 2025/12/05 1:40 p.m. | 150 views

Vulnerable-Flask-Web-App-with-intentional-XSS-SQLi-flaws-

Vulnerable-Flask-Web-App-with-intentional-XSS-SQLi-flaws- A de...

7.3 AI score
Exploits 0

RedhatCVE
added 2025/05/23 7:31 a.m. | 7 views

CVE-2024-40457

No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior...

9.1 CVSS | 9.3 AI score | 0.02952 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:03 a.m. | 3 views

CVE-2019-1010283

Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...

7.5 CVSS | 7 AI score | 0.0027 EPSS
Exploits 1 | References 1

NVD
added 2024/12/04 9:15 p.m. | 15 views

CVE-2024-51210

Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full...

5.3 CVSS | 0.00165 EPSS
Exploits 0 | References 3

CVE
added 2024/12/04 12:00 a.m. | 57 views

CVE-2024-51210

Firepad 1.5.11 and earlier versions are affected. Remote attackers who know a pad ID can retrieve the current document text and all previously pasted content due to an access-control vulnerability; several listings note this behavior is intentional for known document IDs/URLs. The maintainer-stat...

5.3 CVSS | 7 AI score | 0.00165 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/11/21 12:00 a.m. | 9 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

8.4 AI score | 0.32457 EPSS
Exploits 3 | References 3

CVE
added 2024/11/21 12:00 a.m. | 117 views

CVE-2024-30896

CVE-2024-30896 affects InfluxDB OSS 2.x up to 2.7.11, where the administrative operator token is stored under the default organization. This allows authorized users with read access to the default organization’s authorization resource to retrieve the operator token, enabling potential privilege e...

9.1 CVSS | 8.4 AI score | 0.32457 EPSS
Exploits 3 | References 3

Malwarebytes
added 2023/05/01 10:15 a.m. | 12 views

How to protect your small business from social engineering

When Alvin Staffin received an email from his boss, he didn't question it. In the email, Gary Bragg, then-president of Pennsylvania law firm O'Neill, Bragg & Staffin, asked Staffin to wire $580,000 to a Bank of China account. Staffin, who was VP and in charge of banking, sent the money through as...

6.5 AI score
Exploits 0

SUSE CVE
added 2023/02/15 4:22 a.m. | 2 views

SUSE CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional...

5.3 CVSS | 7.6 AI score | 0.00429 EPSS
Exploits 0 | References 6

Code423n4
added 2023/01/21 12:00 a.m. | 10 views

SWC-109 Uninitialized Storage Pointer

Lines of code. Vulnerability details. Impact: Uninitialized local storage variables can point to unexpected storage locations in the contract, which can lead to intentional or unintentional vulnerabilities. Proof of Concept: OrderStatus storage orderStatus; Tools Used: github. Recommended Mitigation...

6.6 AI score
Exploits 0

OSV
added 2022/01/09 2:46 a.m. | 15 views

GSD-2022-1000008 faker.js 6.6.6 is broken and the developer has wiped the original GitHub repo

faker.js had its version updated to 6.6.6 in NPM which reports it as having 2,571 dependent packages that rely upon it and the GitHub repo has been wiped of content. This appears to have been done intentionally as the repo only has a single commit so it was likely deleted, recreated and a singl...

7.2 AI score
Exploits 0

Cvelist
added 2021/11/04 8:06 p.m. | 11 views

CVE-2021-43398

Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.4 AI score | 0.00423 EPSS
Exploits 1 | References 3

Microsoft Secure
added 2019/12/13 5:00 p.m. | 45 views

Finding a common language to describe AI security threats

As artificial intelligence (AI) and machine learning systems become increasingly important to our lives, it’s critical that when they fail we understand how and why. Many research papers have been dedicated to this topic, but inconsistent vocabulary has limited their usefulness. In collaboration wi...

1.6 AI score
Exploits 0

NVD
added 2019/07/17 9:15 p.m. | 5 views

CVE-2019-1010283

Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...

7.5 CVSS | 7.6 AI score | 0.0027 EPSS
Exploits 1 | References 2

OSV
added 2019/06/18 4:15 p.m. | 0 views

UBUNTU-CVE-2018-18839

DISPUTED: An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional."...

5.3 CVSS | 7.1 AI score | 0.00429 EPSS
Exploits 0 | References 4

Debian CVE
added 2019/06/18 3:06 p.m. | 11 views

CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional...

5.3 CVSS | 6.2 AI score | 0.00429 EPSS
Exploits 0

HackRead
added 2018/10/26 11:28 p.m. | 207 views

Apple and Samsung fined millions for intentionally slowing down old smartphones

By Waqas. The Italian Competition Authority (AGCM) has fined Apple and Samsung a whopping 5 million Euros ($5.7m - £4.4m) and 10 million Euros ($11.4m - £8.84m) for what it called "planned obsolescence" of their smartphones. If you have ever noticed how your old iPhone or Samsung device had performance...

1.1 AI score
Exploits 0

Malwarebytes
added 2018/08/20 4:42 p.m. | 86 views

The enemy is us: a look at insider threats

They can go undetected for years. They do their questionable deeds in the background. And, at times, one wonders if they're doing more harm than good. Although this sounds like we're describing some sophisticated PUP you haven’t heard of, we're not. These are the known attributes of insider...

6.7 AI score
Exploits 0

NVD
added 2018/04/19 8:29 a.m. | 8 views

CVE-2018-10220

Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...

8.8 CVSS | 8.8 AI score | 0.00433 EPSS
Exploits 1 | References 1