33 matches found
PT-2026-40033
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
EUVD-2014-4723
Malware in sbrugna...
EUVD-2014-3090
Malware in sbrugna...
Wallets As Universal Access Devices
Wallets are access points for the digital economy's value creation. Wallets for blockchains store the end-users' cryptographic keys for administrating their digital assets and enable access to blockchain Web3 systems. Web3 delivers new service opportunities. This chapter focuses on the Web3 enabled...
GHSA-FPM5-2WCJ-VFR7 codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...
CVE-2024-10082
Summary (CVE-2024-10082) CodeChecker (Clang Static Analyzer/Tidy tooling) up to version 6.24.1 contains an authentication flaw: an auto-generated built-in root user with superuser permissions that cannot be disabled. An attacker who can create an account on an enabled external authentication serv...
CVE-2024-6269
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...
Public AI as an Alternative to Corporate AI
This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It's nothing I haven't said here before, but for anyone who hasn't read my longer essays on the topic, it's a shorter introduction. The increasingly centralized control of AI is an ominous sign. When tech...
How Public AI Can Strengthen Democracy
With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...
Fedora: Security Advisory for nextcloud (FEDORA-2021-9b421b78af)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)
Summary The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to CRLF Injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details CVEID: CVE-2014-4803 A...
Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure(CVE-2014-4804)
Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...
Security Bulletin: IBM Cúram Universal Access V6.0.5.5 can be vulnerable to CRLF Injection attack (CVE-2014-3069)
Summary IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. Vulnerability Details CVE ID: CVE-2014-3069 DESCRIPTION: The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is...
Security Bulletin: IBM Cúram Universal Access exposes caseworker usernames under specific circumstances.(CVE-2014-4843).
Summary IBM Universal Access contains a page where internal caseworker usernames are exposed as part of a URL. This information could be used in subsequent attacks against that particular user, e.g. to cause account lockout. Vulnerability Details CVE-2014-4843 CVSS Base Score: 4.3 CVSS Temporal...
IBM Curam Social Program Management Curam Universal Access Information Disclosure Vulnerability (CNVD-2017-09517)
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM in the United States. The solution supports the end-to-end process of social program delivery. Curam Universal Access is a suite of software solutions. An information disclosure vulnerability exists ...
Design/Logic Flaw
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL...
CVE-2014-4843
IBM Cúram Universal Access in Curam SPM exposes internal caseworker usernames via a URL under specific versions: 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5. Root cause is information disclosure through URL construction. Impact: partial confidentiality compromise of ...
Apple Mac OSX 10.910 - Local Privilege Escalation
Apple Mac OSX 10.910 - Local Privilege Escalation / osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool =...
Apple Mac OSX < 10.9/10 - Local Privilege Escalation
/ osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool = NSAutoreleasePool alloc init; id authenticatorInstance,...
IBM Curam Social Program Management Curam Universal Access Information Disclosure Vulnerability
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in Curam Universal Access for IBM Curam SPM, which allows a remote attacker to access th...