Russ Mcree

**Name of the Vulnerable Software and Affected Versions** InterSect Alliance Snare Agent versions 3.2.3 and earlier on Solaris InterSect Alliance Snare Agent versions 3.1.7 and earlier on Windows InterSect Alliance Snare Agent versions 1.5.0 and earlier on Linux and AIX InterSect Alliance Snare Agent versions 1.4 and earlier on IRIX InterSect Alliance Snare Epilog versions 1.5.3 and earlier on Windows InterSect Alliance Snare Epilog versions 1.2 and earlier on UNIX **Description** The issue affects the web management interface, allowing remote attackers to hijack the authentication of administrators. This can be done through requests that change the password or change the listening port. **Recommendations** For InterSect Alliance Snare Agent versions 3.2.3 and earlier on Solaris, consider disabling the web management interface until a patch is available. For InterSect Alliance Snare Agent versions 3.1.7 and earlier on Windows, restrict access to the web management interface to minimize the risk of exploitation. For InterSect Alliance Snare Agent versions 1.5.0 and earlier on Linux and AIX, avoid using the web management interface for sensitive operations until the issue is resolved. For InterSect Alliance Snare Agent versions 1.4 and earlier on IRIX, consider implementing additional authentication measures to prevent hijacking. For InterSect Alliance Snare Epilog versions 1.5.3 and earlier on Windows, disable the web management interface as a temporary workaround. For InterSect Alliance Snare Epilog versions 1.2 and earlier on UNIX, restrict access to the web management interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: American Power Conversion (APC) Switched Rack PDU devices (affected versions not specified) Description: The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) of affected devices. These vulnerabilities allow remote attackers to hijack the authentication of administrator or device users for requests, potentially creating new administrative users or having other unspecified impacts. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tendenci CMS (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the search.asp file of Tendenci CMS. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters, including `category`, `searchtext`, `jobcategoryid`, and `contactcompany`. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.