Tien Phan

Name of the Vulnerable Software and Affected Versions: WRC-2533GST2 (affected versions not specified) WRC-1167GST2 (affected versions not specified) Description: The issue is related to the unrestricted upload of files with dangerous types. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product. Recommendations: For WRC-2533GST2, restrict access to file upload functionality to minimize the risk of exploitation. For WRC-1167GST2, consider disabling file upload functionality until a fix is available. As a temporary workaround, consider validating and sanitizing all uploaded files to prevent the execution of arbitrary code.

**Nome do Software Vulnerável e Versões Afetadas** Nenhum software ou versão específica é mencionado nas descrições fornecidas. **Descrição** Um atacante autenticado pode utilizar esta falha para realizar um escalonamento de privilégios e obter acesso root. Isso permite que o atacante eleve seus privilégios e acesse áreas sensíveis do sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta falha.

**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.69 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via cross-site scripting in certain view elements. This affects the index filter tool in the file app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp. **Recommendations** For versions prior to 2.4.69, update to version 2.4.69 or later to resolve the issue. As a temporary workaround, consider restricting access to the index filter tool and the organisation landing page until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Skype (affected versions not specified) **Description** The issue concerns multiple untrusted search path vulnerabilities in Microsoft Skype, allowing local users to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse that utilizes certain DLL files, specifically `msi.dll`, `dpapi.dll`, or `cryptui.dll`, located in the current working directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.