Root

**Name of the Vulnerable Software and Affected Versions** Ofcms version 1.1.4 **Description** An issue in Ofcms allows a remote attacker to escalate privileges via the `respwd` method in `SysUserController`. **Recommendations** For Ofcms version 1.1.4, consider disabling the `respwd` method in `SysUserController` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPCMS (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the `list` and `introduce` parameters to `index.php` are vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec pcAnywhere version 12.5 **Description** The issue allows local users to gain privileges by inserting a superuser .cif file into the "SymantecpcAnywhereHosts" folder, and then using a pcAnywhere client to login as a local administrator. This is due to weak default permissions for the folder. **Recommendations** For Symantec pcAnywhere version 12.5, consider changing the default permissions of the "SymantecpcAnywhereHosts" folder to prevent local users from inserting malicious .cif files. As a temporary workaround, restrict access to the folder and monitor for any suspicious activity.

**Name of the Vulnerable Software and Affected Versions** Symantec pcAnywhere version 12.5 **Description** The issue allows local users to obtain passwords from a window using certain tools, such as Nirsoft Asterwin, because the passwords are not encrypted in the associated .cif file, despite being obfuscated with asterisks in a GUI textbox. **Recommendations** For Symantec pcAnywhere version 12.5, consider restricting access to the .cif file to minimize the risk of password exposure until a proper fix is available. As a temporary workaround, avoid storing sensitive passwords in the GUI textbox.

**Name of the Vulnerable Software and Affected Versions** Symantec pcAnywhere version 12.5 **Description** The issue concerns weak integrity protection for .cif files, which allows local users to generate a custom .cif file and modify the superuser flag. **Recommendations** For Symantec pcAnywhere version 12.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.