Lastxuan

**Name of the Vulnerable Software and Affected Versions** Netcore Power 15AX versions up to 3.0.0.6938 **Description** A security flaw exists in Netcore Power 15AX up to version 3.0.0.6938. This issue involves the `setTools` function within the `/bin/netis.cgi` file of the Diagnostic Tool Interface component. Manipulation of the `IpAddr` argument can lead to os command injection. Remote exploitation is possible. The exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** Versions prior to 3.0.0.6938 should be updated. As a temporary workaround, restrict access to the `/bin/netis.cgi` file. Avoid using the `IpAddr` argument in the `setTools` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** bolo-blog version 2.6.4 **Description** A security issue exists in bolo-blog 2.6.4. The affected element is a function within the file `/console/article/` of the Article Title Handler component. Manipulating the `articleTitle` argument can lead to cross site scripting. This attack can be initiated remotely. An exploit for this issue has been publicly released. The project was notified of the problem through an issue report but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.