Mc Iglo

**Name of the Vulnerable Software and Affected Versions** Windows Mobile 6 **Description** The issue allows physically proximate attackers to bypass password authentication and obtain WLAN access by exploiting the auto-completion mechanism for the password input field, which has access to WLAN passwords. **Recommendations** For Windows Mobile 6, consider disabling the auto-completion feature for password input fields as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zwahlen Online Shop (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `cat` parameter in the article.htm file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HLStats version 1.34 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including the `game` parameter in players mode, the `weapon` parameter in weaponinfo mode, the `st` parameter in search mode, the `action` parameter in actioninfo mode, and the `map` parameter in mapinfo mode. **Recommendations** For HLStats version 1.34, as a temporary workaround, consider restricting access to the affected parameters, such as `game`, `weapon`, `st`, `action`, and `map`, until a patch is available. Avoid using these parameters in the respective modes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guder und Koch Netzwerktechnik Eichhorn Portal (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The potentially vulnerable parameters include `profil nr` and `sprache` in the main portion of the portal, `suchstring` field in `suchForm`, `GaleryKey` and `Breadcrumbs` parameters in the gallerie module, and the `GGBNSaction` parameter in the ggbns module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guder und Koch Netzwerktechnik Eichhorn Portal (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. The attack vectors may include the `profil nr` and `sprache` parameters in the main portion of the portal, the `suchstring` field in `suchForm`, the `GaleryKey` and `Breadcrumbs` parameters in the gallerie module, and the `GGBNSaction` parameter in the ggbns module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMEGA (aka Omegasoft) INterneSErviesLosungen (INSEL) (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `WCE` parameter in the OmegaMw7a.ASP file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.