Dookie

**Name of the Vulnerable Software and Affected Versions** SpiceWorks version 5.3.75941 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `id` parameter to the "api v2.json" API endpoint. **Recommendations** For SpiceWorks version 5.3.75941, avoid using the `id` parameter in the "api v2.json" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "api v2.json" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SpiceWorks version 5.3.75941 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via specific configurations in snmpd.conf, including the `syslocation`, `syscontact`, or `sysName` parameters. **Recommendations** For SpiceWorks version 5.3.75941, consider restricting access to the snmpd.conf configurations to minimize the risk of exploitation. Avoid using the `syslocation`, `syscontact`, or `sysName` parameters in the snmpd.conf file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP1 through SP2 Microsoft Windows Server 2003 versions up to SP1 Description: A denial of service issue exists, allowing remote attackers to cause the system to hang via an IGMP packet with an invalid IP option. An attacker could send a specially crafted IGMP packet to the affected system, causing it to stop responding. Recommendations: For Microsoft Windows XP versions SP1 through SP2, apply the necessary configuration changes to restrict the handling of IGMP packets. For Microsoft Windows Server 2003 versions up to SP1, restrict access to the system to minimize the risk of exploitation until a fix is available. As a temporary workaround, consider disabling the handling of IGMP v3 packets until a patch is available.