0Menc

**Nome do Software Vulnerável e Versões Afetadas** Fujian Apex LiveBOS versões anteriores a 2.1 **Descrição** Um problema de path traversal existe no componente Endpoint. Um invasor remoto pode manipular o argumento `filename` no endpoint '/feed/UploadImage.do' para acessar ou sobrescrever arquivos fora do diretório pretendido. Path traversal é uma técnica que permite a um invasor ler ou gravar arquivos no servidor usando caracteres especiais como "../" para navegar no sistema de arquivos. **Recomendações** Atualizar para a versão 2.1.

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Name of the Vulnerable Software and Affected Versions Shandong Hoteam InforCenter PLM versions up to 8.3.8 Description A flaw exists in the function `uploadFileToIIS` within the file `/Base/BaseHandler.ashx` of Shandong Hoteam InforCenter PLM. Manipulation of the `File` argument allows for unrestricted file uploads, potentially exploitable remotely. The exploit is publicly available. Recommendations Update to a version beyond 8.3.8.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44 **Description** A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the `/RemoteFormat.do` file of the Endpoint component. Manipulation of the `State` argument can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 1.3.44 should be updated.

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform versions prior to 7.17.1 **Description** A security issue exists in Tiandy Easy7 Integrated Management Platform. The manipulation of the `ID` argument in the `/rest/preSetTemplate/getRecByTemplateId` file can lead to SQL injection. This issue may be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Update Tiandy Easy7 Integrated Management Platform to version 7.17.1 or later.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A weakness exists in Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue is related to a function within the file `/rest/devStatus/getDevDetailedInfo` of the Endpoint component. Manipulation of the `ID` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been made publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A flaw exists within the Tiandy Easy7 Integrated Management Platform that allows for unrestricted file uploads. This issue affects the `/rest/file/uploadLedImage` endpoint of the Endpoint component. The `File` parameter can be manipulated to achieve this unrestricted upload, and the attack can be initiated remotely. The exploit for this issue has been publicly released. **Recommendations** Tiandy Easy7 Integrated Management Platform version 7.17.0: Address the unrestricted upload issue in the `/rest/file/uploadLedImage` endpoint by validating the `File` parameter.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A security flaw exists in Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue is a SQL injection affecting an unknown function within the Endpoint component, specifically through the `/rest/devStatus/queryResources` API endpoint. Manipulation of the `areaId` parameter can trigger the SQL injection. This attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Tiandy Easy7 Integrated Management Platform version 7.17.0: As a temporary workaround, consider restricting access to the `/rest/devStatus/queryResources` API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tiandy Integrated Management Platform version 7.17.0 **Description** A flaw exists in Tiandy Integrated Management Platform 7.17.0 that could allow for SQL injection. The issue is related to an unknown functionality within the file `/rest/user/getAuthorityByUserId`. Manipulation of the `userId` parameter may lead to a successful exploit. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. The vendor was informed of the issue but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Technologies Integrated Management Platform version 7.17.0 **Description** A flaw exists in an unknown functionality within the `/SetWebpagePic.jsp` file of the software. Manipulation of the `targetPath`/`Suffix` argument allows for unrestricted file uploads, potentially initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was informed but did not respond. **Recommendations** Technologies Integrated Management Platform version 7.17.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A security issue exists in Tiandy Easy7 Integrated Management Platform 7.17.0. The issue affects an unknown function within the Device Identifier Handler component, specifically the file `/WebService/UpdateLocalDevInfo.jsp`. Manipulation of the `username`/`password` arguments can bypass authentication. The attack can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Topsec TopACM version 3.0 **Description** A weakness exists in Topsec TopACM 3.0 related to the HTTP Request Handler component and the file '/view/systemConfig/management/nmc sync.php'. Manipulation of the `template path` argument can lead to operating system command injection. The attack can be executed remotely. A public exploit is available. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 CMS version 7.17.0 **Description** A flaw exists in Tiandy Easy7 CMS that allows for SQL injection. This issue is related to the manipulation of the `strTBName` argument within the `/Easy7/apps/WebService/GetDBData.jsp` file. The attack can be initiated remotely. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** H3C SecCenter SMP-E1114P02 até 20250513 **Descrição** Uma vulnerabilidade foi encontrada na função Download do arquivo /packetCaptureStrategy/download. A manipulação do argumento `Name` resulta em path traversal. É possível executar o ataque remotamente. O exploit foi divulgado ao público e pode ser utilizado. O fornecedor foi contatado antecipadamente sobre esta divulgação, mas não respondeu de nenhuma forma. **Recomendações** Para o H3C SecCenter SMP-E1114P02 até 20250513, como medida de contorno temporária, considere restringir o acesso ao endpoint `/packetCaptureStrategy/download` até que um patch esteja disponível. Evite utilizar o argumento `Name` no endpoint da API afetado até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** H3C SecCenter SMP-E1114P02 up to 20250513 **Description** A vulnerability was found in the function `operationDailyOut` of the file `/safeEvent/download`. The manipulation of the argument `filename` leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For H3C SecCenter SMP-E1114P02 up to 20250513, as a temporary workaround, consider restricting access to the `operationDailyOut` function until a patch is available. Avoid using the `filename` argument in the affected file `/safeEvent/download` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** H3C SecCenter SMP-E1114P02 até 20250513 **Descrição** Uma vulnerabilidade crítica foi encontrada no H3C SecCenter SMP-E1114P02, afetando alguma funcionalidade desconhecida do arquivo /safeEvent/importFile/. A manipulação do argumento `logGeneralFile/logGeneralFile 2` resulta em upload irrestrito. O ataque pode ser executado remotamente. O exploit foi divulgado publicamente e pode ser utilizado. O fabricante foi contatado antecipadamente sobre esta divulgação, mas não respondeu de forma alguma. **Recomendações** Para o H3C SecCenter SMP-E1114P02 até 20250513, como uma solução temporária, considere desativar a funcionalidade de importação no arquivo /safeEvent/importFile/ para minimizar o risco de exploração. Restrinja o acesso ao argumento `logGeneralFile/logGeneralFile 2` para prevenir upload irrestrito. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** H3C SecCenter SMP-E1114P02 até 20250513 **Descrição** Uma falha crítica afeta a função `fileContent` do arquivo `/cfgFile/fileContent`. A manipulação do argumento `filePath` resulta em atravessamento de caminho. Esta falha pode ser explorada remotamente. O fabricante foi contatado sobre esta divulgação, mas não respondeu. **Recomendações** Para o H3C SecCenter SMP-E1114P02 até 20250513, como solução alternativa temporária, considere restringir o acesso à função `fileContent` para minimizar o risco de exploração. Evite usar o argumento `filePath` no arquivo afetado até que a falha seja resolvida. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** H3C SecCenter SMP-E1114P02 até 20250513 **Descrição** Uma vulnerabilidade foi encontrada na função Download do arquivo /cfgFile/1/download. A manipulação do argumento `Name` leva à travessia de caminho. O ataque pode ser iniciado remotamente. **Recomendações** Para o H3C SecCenter SMP-E1114P02 até 20250513, considere restringir o acesso à função Download do arquivo /cfgFile/1/download para minimizar o risco de exploração. Evite usar o argumento `Name` no arquivo afetado até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.