S4Tan

**Name of the Vulnerable Software and Affected Versions** Veeam Backup & Replication versions prior to 8.0 update 3 **Description** The issue allows local users to obtain sensitive information by reading log files with world-readable permissions, where local administrator credentials are stored. This is due to the storage of credentials in log files by VeeamVixProxy. **Recommendations** For versions prior to 8.0 update 3, update to version 8.0 update 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** A cross-site scripting (XSS) issue exists in the Activities module, allowing remote attackers to inject arbitrary web script or HTML via the `action` parameter to "phprint.php". **Recommendations** For vtiger CRM version 5.0.4, consider restricting access to the "phprint.php" endpoint or the `action` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** The issue concerns the saveForwardAttachments procedure in the Compose Mail functionality, allowing remote authenticated users to execute arbitrary code. This can be achieved by composing an e-mail message with a specifically crafted attachment filename and then making a direct request to a certain pathname under storage/. The vulnerability can be exploited in installations based on certain Apache HTTP Server configurations, and the attachment filename can end in .php, .php., or .php/ on different operating systems. **Recommendations** For vtiger CRM version 5.0.4, consider restricting access to the saveForwardAttachments procedure in the Compose Mail functionality until a patch is available. As a temporary workaround, avoid using the Compose Mail functionality with attachments that have filenames ending in .php, .php., or .php/. Restrict access to the storage/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the `module` parameter to "graph.php", or the `module` or `file` parameter to "include/Ajax/CommonAjax.php", which can be reached through various modules such as "modules/Campaigns/CampaignsAjax.php", "modules/SalesOrder/SalesOrderAjax.php", and others. Additionally, remote authenticated users can include and execute arbitrary local files via a .. (dot dot) in the `step` parameter in an Import action to certain modules, including Accounts, Contacts, HelpDesk, Leads, Potentials, Products, or Vendors, reachable through "index.php" and related to "modules/Import/index.php" and multiple "Import.php" files. **Recommendations** For vtiger CRM version 5.0.4, consider disabling the vulnerable `graph.php` and `include/Ajax/CommonAjax.php` files, as well as restricting access to the `step` parameter in Import actions for the affected modules until a patch is available. Restrict access to the vulnerable modules, such as "modules/Campaigns/CampaignsAjax.php", "modules/SalesOrder/SalesOrderAjax.php", and others, to minimize the risk of exploitation. Avoid using the `module` and `file` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** A cross-site request forgery issue exists in the RSS module, allowing remote attackers to hijack Admin user authentication for modifying the news feed system. This is achieved via the `rssurl` parameter in a Save action to "index.php". **Recommendations** For vtiger CRM version 5.0.4, consider restricting access to the RSS module until a fix is available, and avoid using the `rssurl` parameter in Save actions to "index.php" to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/. This is related to the showproject action in managefile.php or the Messages feature. Recommendations: For Collabtive version 0.4.8, consider restricting file uploads to only allow non-executable file types and validate the MIME type of uploaded files to prevent exploitation. As a temporary workaround, restrict access to the files/ directory to minimize the risk of code execution.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: A cross-site scripting (XSS) issue exists due to improper handling of user input in the project Name field when an administrator performs an editform action. This allows attackers to inject arbitrary web script or HTML. Recommendations: For Collabtive version 0.4.8, consider restricting access to the manageproject.php file until a proper fix is applied, and ensure that all user input is properly sanitized to prevent XSS attacks. As a temporary workaround, avoid using the project Name field in manageproject.php for any sensitive operations.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: The issue allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to "admin.php". Recommendations: For Collabtive version 0.4.8, consider restricting access to the "admin.php" endpoint until a patch is available. As a temporary workaround, limit the ability to create new users, especially administrators, to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for various requests, including submitting or editing a new project, uploading files to a project, or attaching files to messages. It is noted that these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication. Recommendations: For Collabtive version 0.4.8, as a temporary workaround, consider implementing strict validation and verification of requests to prevent unauthorized actions, such as submitting or editing projects, uploading files, or attaching files to messages, until a patch is available. Restrict access to sensitive project management and file upload functionalities to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sugar Community Edition versions prior to 5.2f **Description** The issue concerns an unrestricted file upload vulnerability in the Compose Email feature of the Emails module. This allows remote authenticated users to execute arbitrary code by uploading a file with a specific extension, such as .php, and then accessing it via a direct request to a modified filename under the cache/modules/Emails/ directory. **Recommendations** For versions prior to 5.2f, update to version 5.2f or later to resolve the issue. As a temporary workaround, consider restricting access to the cache/modules/Emails/ directory or disabling the file upload feature in the Compose Email functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WiKID wClient-PHP versions 3.0-2 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `PHP SELF` variable, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions 3.0-2 and earlier, update to a version later than 3.0-2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mantis versions prior to 1.1.2 **Description** The issue allows remote authenticated administrators to execute arbitrary code via the `value` parameter in the adm config set.php file. **Recommendations** For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mantis versions prior to 1.1.2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `filter target` parameter in the return dynamic filters.php file. **Recommendations** For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the return dynamic filters.php file or avoiding the use of the `filter target` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Cacti versions 0.8.6 through 0.8.6j Cacti versions 0.8.7 through 0.8.7a **Description** A CRLF injection issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors when running on older PHP interpreters. **Recommendations** For Cacti versions 0.8.6 through 0.8.6j, update to version 0.8.6k or later. For Cacti versions 0.8.7 through 0.8.7a, update to version 0.8.7b or later.

**Name of the Vulnerable Software and Affected Versions** Cacti versions 0.8.6 through 0.8.6j Cacti versions 0.8.7 through 0.8.7a **Description** The issue allows remote attackers to obtain the full path via an invalid `local graph id` parameter and other unspecified vectors. **Recommendations** For Cacti versions 0.8.6 through 0.8.6j, update to version 0.8.6k or later. For Cacti versions 0.8.7 through 0.8.7a, update to version 0.8.7b or later.

Name of the Vulnerable Software and Affected Versions: Original Photo Gallery versions 0.11.2 and earlier Description: The issue allows remote attackers to execute arbitrary programs. This is achieved via the `exif prog` parameter, which is used in an `exec` function call. Recommendations: For Original Photo Gallery versions 0.11.2 and earlier, avoid using the `exif prog` parameter in the `exec` function call until a patch is available. As a temporary workaround, consider disabling the `inc/exif.inc.php` file to prevent exploitation.