13 matches found
CVE-2025-36137
IBM Sterling Connect:Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges...
CVE-2025-36137
IBM Sterling Connect:Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges...
CVE-2025-36137 IBM Sterling Connect:Direct for UNIX command execution
IBM Sterling Connect:Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges...
PT-2025-44452
Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Direct for Unix versions 6.2.0.7 through 6.2.0.9 iFix004; IBM Sterling Connect:Direct for Unix versions 6.3.0.2 through 6.3.0.5 iFix002; IBM Sterling Connect:Direct for Unix versions 6.4.0.0 through 6.4.0.2 iFix001. Descripti...
Malicious code in maintenance_tasks (npm)
The package maintenance_tasks was found to contain malicious code...
MAL-2025-25797 Malicious code in maintenance_tasks (npm)
The package maintenance_tasks was found to contain malicious code...
Start the cron Daemon Properly
The cron daemon is used to execute batch processing jobs on the system. Even if the OS does not have user jobs that need to be run, some system jobs need to be run, including important jobs such as security monitoring. The cron daemon is used to execute these jobs. If the cron daemon is not start...
Citrix DaaS Studio: Resolving VM List Delay Due to Cloud Connector Timeout
Administrators may encounter a delay when retrieving the list of machines from Citrix Cloud in a particular resource location. This issue is often observed under the following circumstances: The Cloud Connector is unavailable or unresponsive. The connector is undergoing maintenance or is being...
Serverless at the Edge: Enabling Magical Unicorns
Before we dive straight into the magical unicorn from heaven that is serverless computing embedded within the CDN edge (a direct customer quote that I want on a team T-shirt soon), let's first level-set on some basic concepts of computing. In the context of web experiences, IoT device messaging, an...
Privilege Escalation
PostgreSQL is vulnerable to privilege escalation. The vulnerability exists because an authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming...
Microsoft Windows 10: Perform volume maintenance tasks
This policy setting determines which users can perform volume or disk management tasks, such as defragmenting an existing volume, creating or removing volumes, and running the Disk Cleanup tool. Use caution when assigning this user right. Users with this user right can explore disks and extend...
Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse
Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators (DBAs) who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged...
BASE base_maintenance.php Authentication Bypass
The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host allows a remote attacker to bypass authentication to the 'base_maintenance.php' script and then perform selected maintenance tasks...