Infosec-Au

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions 6.0.0 through 10.0.0 Description: The issue allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This is a problem in the DNN.PLATFORM, part of the DNN content management system within the Microsoft ecosystem. Recommendations: For versions 6.0.0 through 10.0.0, update to version 10.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the DNN.PLATFORM to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TelescopeJS versions prior to 0.15 **Description** The issue allows remote attackers to obtain user bcrypt password hashes via a cross-site scripting attack, as these hashes are leaked in websocket messages. **Recommendations** For versions prior to 0.15, update to version 0.15 or later to resolve the issue. As a temporary workaround, consider restricting access to websocket messages to minimize the risk of exploitation.