Fara Rustein

**Name of the Vulnerable Software and Affected Versions** Epicor Enterprise version 7.4 before FS74SP6 HotfixTL054181 **Description** The issue allows attackers to obtain sensitive information, including the database connection and email connection passwords, by reading the HTML source code of the database connection and email settings page. **Recommendations** For Epicor Enterprise version 7.4 before FS74SP6 HotfixTL054181, apply the FS74SP6 HotfixTL054181 patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tftpd32 versions prior to 4.50 **Description** The issue is related to a format string vulnerability in the client. This vulnerability can be exploited by remote servers, potentially leading to a denial of service (crash) or the execution of arbitrary code. The exploitation occurs through format string specifiers in the Remote File field. **Recommendations** For versions prior to 4.50, update to version 4.50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SilverStripe version 3.0.3 **Description** The issue allows remote attackers to conduct phishing attacks without detection by the victim, as the `security/MemberLoginForm.php` in the affected version supports login using a GET request. **Recommendations** For SilverStripe version 3.0.3, consider modifying the `security/MemberLoginForm.php` to only support login via POST requests to mitigate the risk of phishing attacks.