Robin Peraglie

**Nome do software vulnerável e versões afetadas** xfce4-settings versões 4.16.3 e anteriores, 4.17.x anteriores à 4.17.1 **Descrição** Existe uma vulnerabilidade de injeção de argumentos no xfce4-mime-helper do pacote xfce4-settings. Essa vulnerabilidade permite a injeção de argumentos, o que pode ser potencialmente explorado. **Recomendações** Para as versões 4.16.3 e anteriores, atualize para a versão 4.16.4 ou posterior. Para as versões 4.17.x anteriores à 4.17.1, atualize para a versão 4.17.1 ou posterior.

**Nome do software vulnerável e versões afetadas: Versões do Open Container Initiative umoci anteriores à 0.4.7 Descrição: A vulnerabilidade permite que invasores sobrescrevam caminhos de host arbitrários por meio de uma imagem manipulada que provoca o traversal de links simbólicos quando os comandos “umoci unpack” ou “umoci raw unpack” são executados. Isso se deve a uma validação inadequada de entradas no umoci. A vulnerabilidade pode ser explorada criando-se uma camada maliciosa com um link simbólico, o que pode induzir o umoci a modificar arquivos do host. Isso afeta tanto o comando “umoci unpack” quanto o “umoci raw unpack”. Recomendações: Para versões anteriores à 0.4.7, atualize para a versão 0.4.7 ou posterior para resolver o problema. Como solução temporária, considere executar o umoci sob um perfil LSM, como AppArmor ou SELinux, para restringir o nível de acesso que ele tem fora dos diretórios de imagens de contêiner. Se estiver usando o umoci como um usuário sem privilégios com o sinalizador --rootless, o umoci não poderá sobrescrever nenhum arquivo ao qual o usuário não tenha acesso, o que pode servir como uma medida de mitigação.

**Nome do software vulnerável e versões afetadas** Moodle (versões afetadas não especificadas) **Descrição** Foi identificado um risco de execução remota de código no plugin de autenticação Shibboleth do Moodle. O problema está relacionado a um gerenciamento incorreto da geração de código. Um invasor pode explorar essa vulnerabilidade enviando uma solicitação especialmente criada, o que lhe permite executar código arbitrário remotamente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 8.3.0 through 8.7.26 TYPO3 versions 9.0.0 through 9.5.7 **Description** The issue allows for cross-site scripting (XSS), which is a type of attack where an attacker can inject malicious scripts into a website, potentially leading to unauthorized access or control. **Recommendations** For TYPO3 versions 8.3.0 through 8.7.26, update to a version outside of this range to mitigate the risk. For TYPO3 versions 9.0.0 through 9.5.7, update to a version outside of this range to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 8.x through 8.7.26 TYPO3 versions 9.x through 9.5.7 **Description** The issue allows Deserialization of Untrusted Data. **Recommendations** For versions 8.x through 8.7.26, update to a version outside of this range to resolve the issue. For versions 9.x through 9.5.7, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.21 **Description** The issue is related to a parsing flaw in the Private Message / Post renderer, specifically a nested video MyCode issue, which can lead to persistent XSS. This allows an attacker to potentially take over any forum account. **Recommendations** For versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.21 **Description** The issue allows an attacker to create a PHP shell in the cache directory of a targeted forum via a crafted XML import. This is achieved by exploiting a default behavior of MySQL on many systems, where strings that are too long for a database column are truncated. For example, a string like `aaaaaaaaaaaaaaaaaaaaaa.php.css` can be truncated to `aaaaaaaaaaaaaaaaaaaaaa.php` due to a 30-character limit, leading to remote code execution. **Recommendations** For MyBB versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LimeSurvey versions prior to 2.72.4 **Description** The issue concerns a Stored XSS that can be triggered by utilizing the Continue Later feature to input an email address. This email address is then mishandled within the admin panel, leading to potential exploitation. **Recommendations** For versions prior to 2.72.4, update to version 2.72.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.7.2.5 Description: The issue allows an attack in the orders section of PrestaShop after gaining access with a user role of at least a Salesman or higher privileges. The attacker can inject arbitrary PHP objects and abuse an object chain to gain Remote Code Execution. This occurs because protection against serialized objects looks for a `0:` followed by an integer, but does not consider `0:+` followed by an integer. Recommendations: For PrestaShop versions prior to 1.7.2.5, update to version 1.7.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the orders section to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpBB versions prior to 3.2.4 **Description** The issue allows for Remote Code Execution through Object Injection by utilizing Phar deserialization. This can be achieved by passing an absolute path to a file exists check. The exploitation of this issue requires access to the Admin Control Panel with founder permissions. **Recommendations** For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin Control Panel to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.x **Description** An issue was discovered that allows a Teacher creating a Calculated question to intentionally cause remote code execution on the server through eval injection. **Recommendations** For Moodle versions 3.x, update to a version that includes a fix for this issue to prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** Roundcube versions prior to 1.1.7 Roundcube versions 1.2.x prior to 1.2.3 **Description** The issue allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. This is due to the improper restriction of custom envelope-from addresses on the sendmail command line when no SMTP server is configured and the sendmail program is enabled. **Recommendations** For Roundcube versions prior to 1.1.7, update to version 1.1.7 or later. For Roundcube versions 1.2.x prior to 1.2.3, update to version 1.2.3 or later.