Max Segura

**Name of the Vulnerable Software and Affected Versions** EnGenius EWS660AP version 2.0.284 **Description** The issue allows an attacker to execute arbitrary commands using the built-in `ping` and `traceroute` utilities by injecting multiple parameters with different payloads. **Recommendations** For EnGenius EWS660AP version 2.0.284, update to a later firmware version to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Multi-Tech FaxFinder versions prior to 5.1.6 **Description** The issue allows an attacker to perform SQL Injection via the "status/call details?oid=" URI, enabling them to extract the underlying database schema and potentially disclose other fax server information through different injection points. **Recommendations** For versions prior to 5.1.6, update to version 5.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "status/call details?oid=" URI to minimize the risk of exploitation.