Redguard Ag

Name of the Vulnerable Software and Affected Versions VertiGIS FM version 10.5.00119 (0d29d428) Description A local file inclusion issue exists in the upload/download functionality of VertiGIS FM. Authenticated attackers can read arbitrary files from the server by manipulating a file's path during upload. Downloading the file then returns the attacker-controlled file. The ASP.NET architecture may allow for remote code execution if the `web.config` file is obtained. UNC path resolution may also enable NTLM-relaying attacks. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EZCast Pro II version 1.17478.146 **Description** A Cross-Site Request Forgery exists in the Admin UI. This allows attackers to bypass authorization checks and gain full access to the admin UI. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EZCast Pro II version 1.17478.146 **Description** The Admin UI of EZCast Pro II utilizes well-known default credentials, potentially allowing attackers to gain access to protected areas within the web application. **Recommendations** Change the default credentials for the Admin UI.

**Name of the Vulnerable Software and Affected Versions** EZCast Pro II version 1.17478.146 **Description** The Admin UI of EZCast Pro II contains cross-site scripting flaws. Successful exploitation allows attackers to execute arbitrary JavaScript code within the browser of other Admin UI users. **Recommendations** Update to a newer version that contains a fix for this vulnerability.