22 matches found
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...
[SECURITY] Fedora 44 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc44
The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication (checking the user is who they claim to be) and authorization (allowing the user to do what the system authorizes them to do)...
USN-5376-6: Git regression
USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could...
Understanding Content Moderation Policies and User Experiences in Generative AI Products
While recent research has focused on developing safeguards for generative AI (GAI) model-level content safety, little is known about how content moderation to prevent malicious content performs for end-users in real-world GAI products. To bridge this gap, we investigated content moderation policies...
GHSA-MFJ5-CF8G-G2FV AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Summary: When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...
mblog Code Issue Vulnerability
langhsu mblog is an open source application system from langhsu: an open source Java blog system that supports multiple users and theme switching. mblog version 3.5.0 has a security vulnerability that stems from an operating system command injection vulnerability,...
Cloak - A Censorship Circumvention Tool To Evade Detection By Authoritarian State Adversaries
Cloak is a pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing activities. In contrast to traditional tool...
SUSE-SU-2022:1105-1 Security update for util-linux
This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. bsc1194642 - Prevent root owning of /var/lib/libuuid/clock.txt. bsc1194642 - Warn if uuidd lock state is not usable. bsc1194642...
Mblog Cross-Site Scripting Vulnerability (CNVD-2021-26162)
Mblog is an open source Java blog system that supports multiple users and theme switching. Mblog 3.5 has a cross-site scripting vulnerability that can be exploited to inject arbitrary Web script or HTML via the nickname field in /settings/profile...
DeimosC2 - A Golang Command And Control Framework For Post-Exploitation
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...
Solutions for Handling ".ica" Files in Web Browsers
Note: This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. When launching an application or desktop via an Internet Browser Google Chrome, Firefox, Intern...
ADC SAML Error : “Malformed Assertion sent to NetScaler; Please contact your administrator”
The end user gets the error message “Malformed Assertion sent to NetScaler; Please contact your administrator” after authenticating at IDP ADFS v3...
Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking
Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...
Error "Your smart card does not have a valid certificate" when using Citrix Receiver for iOS 7.3 with iOS 11
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. When users try to connect to StoreFront or NetScaler Gateway using smart cards PIV or CAC using Citri...
ACR/SR Behavior Change with Receiver for Windows 4.7
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. ACR/SR is enabled out-of-the-box after users upgrade XenApp/XenDesktop to 7.13 or newer along with...
Error "Cannot Connect to Server" when configuring receiver externally
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. While configuring the receiver, we may get the error message even though beacons are perfect to connect...
[Dexter] A Free Tool for Mobile (Android) Malware Analysis
Bluebox Labs just released Dexter, a free tool that aims to help information security professionals and malware analysts analyze Android mobile applications in order to find malware and vulnerabilities. Dexter combines manual and automatic static program analysis to provide a better...
JonDo 00.16.001 Released - Automatic error recognition and easier usability
JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program that you can use for anonymous surfing on the Internet with high-security anonymous proxy servers. What is JonDo? JonDo is ...
[SECURITY] Fedora 14 Update: wordpress-mu-2.9.2-3.fc14
WordPress-MU is a derivative of the WordPress blogging codebase, to allow one instance to serve multiple users...
Fedora 11 : systemtap-1.1-1.fc11 (2010-0671)
Fixes CVE-2009-4273 Bugzilla 550172: https://bugzilla.redhat.com/showbug.cgi?id=CVE-2009-4273 New upstream release containing new features and bug fixes: better support for gcc 4.5 richer DWARF debuginfo, new preprocessor conditional for kernel 'CONFIG' testing, improved experimental unprivileged...