βΌ CVE-2021-41637 βΌ
π Read
via "National Vulnerability Database".
Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41636 βΌ
π Read
via "National Vulnerability Database".
MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41634 βΌ
π Read
via "National Vulnerability Database".
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41638 βΌ
π Read
via "National Vulnerability Database".
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-41639 βΌ
π Read
via "National Vulnerability Database".
MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41635 βΌ
π Read
via "National Vulnerability Database".
When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.π Read
via "National Vulnerability Database".
β OpenSSL issues a bugfix for the previous bugfix β
π Read
via "Naked Security".
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.π Read
via "Naked Security".
Naked Security
OpenSSL issues a bugfix for the previous bugfix
Fortunately, itβs not a major bugfix, which means itβs easy to patch and can teach us all some useful lessons.
π Friday Five 6/24 π
π Read
via "".
Read about how daycare apps may be putting your security at risk, why to double-check before ordering your COVID-19 test, the newest cybersecurity legislation signed into law, and more in this week's Friday Five!
π Read
via "".
βΌ CVE-2022-2104 βΌ
π Read
via "National Vulnerability Database".
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).π Read
via "National Vulnerability Database".
βΌ CVE-2022-1745 βΌ
π Read
via "National Vulnerability Database".
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1518 βΌ
π Read
via "National Vulnerability Database".
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1739 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1668 βΌ
π Read
via "National Vulnerability Database".
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2102 βΌ
π Read
via "National Vulnerability Database".
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32209 βΌ
π Read
via "National Vulnerability Database".
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21829 βΌ
π Read
via "National Vulnerability Database".
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing Γ’β¬Λconcrete_secureΓ’β¬β’ instead of Γ’β¬ΛconcreteΓ’β¬β’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30117 βΌ
π Read
via "National Vulnerability Database".
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesnΓ’β¬β’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1741 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1744 βΌ
π Read
via "National Vulnerability Database".
Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1666 βΌ
π Read
via "National Vulnerability Database".
The default password for the web applicationΓ’β¬β’s root user (the vendorΓ’β¬β’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30120 βΌ
π Read
via "National Vulnerability Database".
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reportingπ Read
via "National Vulnerability Database".