Kwangyun

**Name of the Vulnerable Software and Affected Versions** ScreenToGif versions prior to 2.42.1 **Description** ScreenToGif is susceptible to a DLL sideloading issue via the `version.dll` file. When the portable executable is launched from a directory writable by the user, it loads `version.dll` from the application directory instead of the standard Windows System32 directory. This allows for the execution of arbitrary code within the user's context. The application is commonly distributed as a portable application, making it frequently run from user-writable locations, which increases the risk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osctrl versions prior to 0.5.0 **Description** osctrl is a management solution for osquery. A command injection issue exists in the `osctrl-admin` environment configuration before version 0.5.0. An authenticated administrator can inject arbitrary shell commands through the hostname parameter when creating or editing environments. These commands are embedded into enrollment scripts generated using Go's `text/template` package, which does not perform shell escaping, and execute on every endpoint that enrolls using the compromised environment. An attacker with administrator access can achieve remote code execution on every endpoint that enrolls using the compromised environment. Commands execute as root/SYSTEM before osquery is installed, leaving no agent-level audit trail. This enables backdoor installation, credential exfiltration, and full endpoint compromise. The **API endpoint** used for environment configuration is within the `osctrl-admin` interface. The vulnerable parameter is `hostname`. **Recommendations** Restrict osctrl administrator access to trusted personnel. Review existing environment configurations for suspicious hostnames. Monitor enrollment scripts for unexpected commands.

**Name of the Vulnerable Software and Affected Versions** osctrl versions prior to 0.5.0 **Description** osctrl is an osquery management solution. A stored cross-site scripting (XSS) issue exists in the `osctrl-admin` on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payload is stored and executes in the browser of any user, including administrators, who visits the query list page. This can be combined with Cross-Site Request Forgery (CSRF) token extraction to escalate privileges and perform actions as the logged-in user. An attacker with query-level permissions can execute arbitrary JavaScript in the browsers of all users who view the query list, potentially leading to full platform compromise if an administrator executes the payload. **Recommendations** Restrict query-level permissions to trusted users. Monitor the query list for suspicious payloads. Review osctrl user accounts for unauthorized administrators.

**Nome do software vulnerável e versões afetadas** Versões do LinkAce anteriores à 1.15.6 **Descrição** Existe uma vulnerabilidade de cross-site scripting (XSS) refletido no campo “URL” do módulo “Editar Link”, onde a entrada do usuário não é devidamente sanitizada ou codificada antes de ser refletida na resposta HTML. Isso permite que invasores injetem e executem JavaScript arbitrário no contexto do navegador da vítima, levando a possíveis sequestros de sessão, roubo de dados e ações não autorizadas. **Recomendações** Para versões anteriores à 1.15.6, atualize para a versão 1.15.6 para resolver o problema. Como solução alternativa temporária, considere restringir a entrada do usuário no campo “URL” do módulo “Editar Link” para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Versões do LinkAce anteriores à 1.15.6 **Descrição** O problema ocorre na funcionalidade “Importar Favoritos”, na qual é possível fazer upload de arquivos HTML maliciosos contendo cargas de JavaScript. Essas cargas são executadas quando os links enviados são acessados, levando a possíveis cenários de XSS refletido ou persistente. **Recomendações** Para versões anteriores à 1.15.6, atualize para a versão 1.15.6 para resolver o problema. Como solução temporária, considere desativar a funcionalidade “Importar Favoritos” até que um patch esteja disponível. Restrinja o acesso aos links enviados para minimizar o risco de exploração. Evite usar o recurso “Importar Favoritos” com arquivos não confiáveis até que o problema seja resolvido.