10 matches found
Improper Ownership Management
Overview: Affected versions of this package are vulnerable to Improper Ownership Management in the AuthManager process. An attacker can cause the association of a temporary account's username and IP address with a real username in AbuseLog by creating a permanent account from a temporary account...
CVE-2025-6592 Creating a permanent account from a temporary account associates temp username and IP address with real username in AbuseLog
Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0...
CVE-2025-6592
CVE-2025-6592 affects Wikimedia Foundation AbuseFilter, specifically the AuthManager.php component. The issue impacts AbuseFilter versions prior to 1.43.2 and 1.44.0. Red Hat, Debian, and OSV records corroborate the vulnerability in AbuseFilter/AuthManager.php and reference affected versions. Sny...
CVE-2025-6592 Creating a permanent account from a temporary account associates temp username and IP address with real username in AbuseLog
Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0...
EUVD-2015-8001
Malware in sbrugna...
Cross site scripting
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...
CVE-2023-26449
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...
PYSEC-2023-313
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...
[SECURITY] Fedora 23 Update: xguest-1.0.10-33.fc23
Installing this package sets up the xguest user to be used as a temporary account to switch to or as a kiosk user account. The account is disabled unless SELinux is in enforcing mode. The user is only allowed to log in via graphical login program. The home and temporary directories of the user...
[SECURITY] Fedora 24 Update: xguest-1.0.10-34.fc24
Installing this package sets up the xguest user to be used as a temporary account to switch to or as a kiosk user account. The account is disabled unless SELinux is in enforcing mode. The user is only allowed to log in via graphical login program. The home and temporary directories of the user...