#linux

The application is vulnerable to sensitive directory indexing / information disclosure vulnerability. An unauthenticated attacker can visit the log directory and disclose the server's log files containing sensitive and system information.

The application suffers from an unauthenticated stored XSS vulnerability that results in stored JS code and authentication bypass. The issue is triggered when input passed to the 'username' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The application suffers from an unauthenticated directory traversal file write vulnerability. Input passed through the 'filename' POST parameter called by the 'upgrade.php' script is not properly verified before being used to upload .upgbox Firmware files. This can be exploited to write to arbitrary locations on the system via directory traversal attacks.

The server binary has hard-coded credentials within its Linux and Windows distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. To add/modify other credentials you need to use the SOUND4 Remote Control thick client.

The application allows an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilisation of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.

A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803.

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

<p>Today we present a new way to use the <strong><a href="https://www.redhat.com/en/technologies/management/insights">Red Hat Insights</a></strong> Advisor service by <a href="https://access.redhat.com/articles/6981482">using system tags</a> to enable extended security hardening recommendations.</p> <p>Not all systems are equal. For example, a web server and a workstation have different security profiles. For systems with extended

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared