Paul J Docherty

Name of the Vulnerable Software and Affected Versions: Spectrum Cash Receipting System versions prior to 6.504 Description: The issue concerns the use of weak cryptography, specifically static substitution, in the PASSFILE password file. This weakness makes it easier for local users to gain privileges by decrypting a password. Recommendations: For versions prior to 6.504, update to version 6.504 or later to resolve the issue. As a temporary workaround, consider restricting access to the PASSFILE password file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Toshiba ACPI BIOS version 1.6 **Description** The issue is related to an error in the BIOS that causes it to only examine the first slot in the Master Boot Record (MBR) table for an active partition. This prevents the system from booting even if the MBR is not malformed. It has been debated whether this issue poses a security risk, as administrative privileges would be required to exploit it, and other denial-of-service (DoS) attacks are possible with such privileges. **Recommendations** For Toshiba ACPI BIOS version 1.6, consider updating to a newer version of the BIOS that addresses this issue, if available. As a temporary workaround, ensure that the first slot in the MBR table contains an active partition to allow the system to boot. However, since the provided information does not specify a fixed version, it is essential to check with the manufacturer for updates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webseries Payment Application (affected versions not specified) **Description** The issue concerns the Webseries Payment Application, which fails to properly restrict privileged operations. This allows remote authenticated users to gain privileges by directly accessing certain URLs, such as "/admin/dashboard" or "/users/{id}", potentially exploiting vulnerable parameters like `username` or `user id`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EMotion MediaPartner Web Server version 5.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML or web script. This can be demonstrated using a URL containing .. sequences and HTML, resulting in a directory browsing page that does not properly filter the HTML. **Recommendations** For EMotion MediaPartner Web Server version 5.0, consider implementing proper HTML filtering for the directory browsing page to prevent arbitrary HTML or web script injection. As a temporary workaround, restrict access to the directory browsing functionality until a proper fix is available.

**Name of the Vulnerable Software and Affected Versions** EMotion MediaPartner Web Server version 5.0 **Description** A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in the URL. **Recommendations** For EMotion MediaPartner Web Server version 5.0, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** eMotion MediaPartner Web Server versions 5.0 through 5.1 **Description** The issue allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file. This can happen when the file contains a `dot` (.) or a `plus sign` (+) at the end, which then returns the source code for that file. **Recommendations** For versions 5.0 through 5.1, consider restricting access to .bhtml files to minimize the risk of exploitation. As a temporary workaround, avoid using .bhtml files that contain a `dot` (.) or a `plus sign` (+) at the end until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Bottomline Webseries Payment Application (affected versions not specified) **Description** The issue concerns the change password functionality, which does not require the old password when entering a new one. This could allow remote authenticated users to change other users' passwords. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bottomline Webseries Payment Application (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files on the network by utilizing a report template with modified `ReportPath` or `ReportName` values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.