Francois Harvey

**Nome do software vulnerável e versões afetadas** Copymatic – AI Content Writer & Generator, versões 1.6 e anteriores **Descrição** O problema está relacionado a um carregamento irrestrito de arquivos de tipos perigosos, o que afeta o Copymatic – AI Content Writer & Generator. Isso permite o carregamento de arquivos com tipos potencialmente perigosos, representando um risco. **Recomendações** Para o Copymatic – AI Content Writer & Generator versões 1.6 e anteriores, considere restringir o upload de arquivos para permitir apenas tipos de arquivos seguros até que uma correção esteja disponível. Como solução alternativa temporária, desativar o recurso de upload de arquivos pode ajudar a minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Solid Affiliate versões 1.9.1 e anteriores **Descrição** O problema está relacionado à inserção de informações confidenciais em arquivos de log. Isso poderia expor dados confidenciais. **Recomendações** Para as versões 1.9.1 e anteriores do Solid Affiliate, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Asterisk@Home versions prior to 2.8 **Description** The issue allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the `recording` parameter in the Asterisk Recording Interface (ARI) web interface. This can also be used to determine the existence of files. **Recommendations** For versions prior to 2.8, update to version 2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the recordings/misc/audio.php file to minimize the risk of exploitation. Avoid using the `recording` parameter with full pathnames in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Barracuda Spam Firewall versions 3.1.16 through 3.1.17 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `f` parameter in the img.pl file. **Recommendations** For versions 3.1.16 and 3.1.17, avoid using the `f` parameter in the img.pl file until a fix is available. As a temporary workaround, consider restricting access to the img.pl file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Barracuda Spam Firewall versions 3.1.16 through 3.1.17 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `f` parameter of the img.pl file. **Recommendations** For versions 3.1.16 and 3.1.17, consider restricting access to the img.pl file until a patch is available. As a temporary workaround, avoid using the `f` parameter in the img.pl file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Barracuda Spam Firewall versions 3.1.16 through 3.1.17 **Description** The issue allows remote attackers to read portions of source code via the -f option to `dig device.cgi`, determine file existence via the -r argument to `tcpdump device.cgi`, or modify files in the cgi-bin directory via the -w argument to `tcpdump device.cgi`. **Recommendations** For versions 3.1.16 and 3.1.17, consider restricting access to the `dig device.cgi` and `tcpdump device.cgi` scripts until a patch is available. As a temporary workaround, avoid using the -f option with `dig device.cgi`, the -r argument with `tcpdump device.cgi`, and the -w argument with `tcpdump device.cgi` to minimize the risk of exploitation.