Craig Arendt

**Name of the Vulnerable Software and Affected Versions** SeedDMS versions prior to 5.1.8 **Description** The issue allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. This can be used to extract, change, or delete sensitive information within the database, and potentially run system commands on the underlying operating system. **Recommendations** For versions prior to 5.1.8, update to version 5.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Users management" functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EpubCheck version 4.0.1 **Description** The issue allows an attacker to exploit the behavior of EpubCheck when parsing XML in EPUB files during validation, potentially enabling them to read arbitrary files or have the victim execute arbitrary requests on their behalf. This is possible because EpubCheck does not properly restrict resolving external entities. **Recommendations** For EpubCheck version 4.0.1, consider disabling the XML parsing functionality for external entities until a patch is available. Restrict access to sensitive files and network resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue is related to the iBooks component and involves a lack of protection for service data. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the iBooks component to minimize the risk of exploitation. Avoid using the file: URL scheme in iBooks files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Transporter versions prior to 1.9.2 **Description** The issue involves the `iTMSTransporter` component, which allows attackers to obtain sensitive information via a crafted EPUB. **Recommendations** For Transporter versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MODX Revolution versions prior to 2.2.14 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the session ID (PHPSESSID) to index.php. Additionally, remote authenticated users can execute arbitrary SQL commands via the `user` parameter to connectors/security/message.php or the `id` parameter to manager/index.php. **Recommendations** For MODX Revolution versions prior to 2.2.14, update to version 2.2.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the `connectors/security/message.php` and `manager/index.php` endpoints until a patch is available. Avoid using the `user` and `id` parameters in the affected API endpoints until the issue is resolved.