Sinn3R

**Nome do software vulnerável e versões afetadas** Servidores Distinct Intranet versões 3.10 e anteriores **Descrição** A vulnerabilidade permite que invasores remotos leiam ou gravem arquivos arbitrários por meio de um .. (ponto-ponto) nos comandos (1) get ou (2) put. Isso se deve a várias vulnerabilidades de traversal de diretório no servidor TFTP. **Recomendações** Para as versões 3.10 e anteriores do Distinct Intranet Servers, considere restringir o acesso ao servidor TFTP até que uma correção esteja disponível. Como solução temporária, evite usar os comandos get e put com sequências .. (ponto ponto) para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue exists due to insufficient input validation in the Media Center component of the Windows operating system. This allows a remote attacker to execute arbitrary code with the help of a specially crafted MCL file. **Recommendations** For Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Desktop Central versions prior to 9 build 91093 **Description** The issue is related to the FileUploadServlet class in ManageEngine Desktop Central, which lacks restrictions on file uploads. This can be exploited by a remote, unauthenticated attacker to upload and execute arbitrary files in the context of SYSTEM by injecting a null byte at the end of the ConnectionId parameter value. **Recommendations** For ManageEngine Desktop Central versions prior to 9 build 91093, update to build 91093 or later to resolve the issue. As a temporary workaround, consider restricting access to the FileUploadServlet class until a patch is applied. Avoid using the `ConnectionId` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Office 2003 SP3 Microsoft Office 2007 SP3 Microsoft Office 2010 SP1 and SP2 Microsoft Office Compatibility Pack SP3 Microsoft Lync 2010, 2010 Attendee, 2013, and Basic 2013 **Description** A remote code execution issue exists in the way affected Microsoft components handle specially crafted TIFF files. This could allow remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document. The issue has been exploited in the wild. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full administrative rights. **Recommendations** For Microsoft Windows Vista SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2, update to a newer version that contains a fix for this issue. For Microsoft Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2, update to a newer version that contains a fix for this issue. For Microsoft Office Compatibility Pack SP3, update to a newer version that contains a fix for this issue. For Microsoft Lync 2010, 2010 Attendee, 2013, and Basic 2013, update to a newer version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of TIFF files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ASUS Net4Switch version 1.0.0020 ipswcom.dll ActiveX component version 1.0.0.1 **Description** The issue is related to a buffer overflow in the CxDbgPrint function within the ipswcom.dll ActiveX component. This allows remote attackers to execute arbitrary code by providing a long parameter to the `Alert` method. **Recommendations** For ASUS Net4Switch version 1.0.0020, consider disabling the `Alert` method in the ipswcom.dll ActiveX component until a patch is available. For ipswcom.dll ActiveX component version 1.0.0.1, restrict access to the CxDbgPrint function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Fusion Middleware versions 2.0.1.0 through 2.0.1.3 **Description** The issue affects confidentiality, integrity, and availability. It is related to the handling of null bytes in the `evaluation` parameter used in a filename, potentially allowing attackers to create a file with an executable extension and execute arbitrary JSP code via unknown vectors. **Recommendations** For versions 2.0.1.0 through 2.0.1.3, consider restricting access to the `voice-servlet` component until a patch is available. As a temporary workaround, avoid using the `evaluation` parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.