Dino Barlattani

**Name of the Vulnerable Software and Affected Versions** sleuthkit fls tool version 4.11.1 **Description** The issue allows attackers to execute arbitrary commands via a crafted value to the `m` parameter. This is an OS Command injection vulnerability. Note that there is a dispute regarding the impact of this issue, as some parties claim that the backtick command does not execute outside the context of the user account that entered the command line. **Recommendations** For sleuthkit fls tool version 4.11.1, consider restricting the use of the `m` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted values for the `m` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds DameWare Mini Remote Control version 10.0 **Description** The issue is related to a Buffer Overflow in the DWRCC component of SolarWinds DameWare Mini Remote Control, specifically associated with the size field for the machine name. **Recommendations** For SolarWinds DameWare Mini Remote Control version 10.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico version 1.7.0 **Description** The issue concerns a security problem where an attacker can execute malicious scripts. This is possible due to the presence of a flaw in the "secret/relogoff.aspx" endpoint, specifically through the `Error Desc` parameter. **Recommendations** For AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico version 1.7.0, as a temporary workaround, consider restricting access to the "secret/relogoff.aspx" endpoint until a patch is available. Avoid using the `Error Desc` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OPAC EasyWeb Five version 5.7 **Description** An issue was discovered that allows SQL injection via the "w2001/index.php?scelta=campi biblio" parameter. **Recommendations** For OPAC EasyWeb Five version 5.7, consider restricting access to the vulnerable parameter `scelta` in the "w2001/index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration versions prior to 8.7.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 8.7.0, update to version 8.7.0 or later to resolve the issue.