0Xnayel

**Name of the Vulnerable Software and Affected Versions** Prasathmani TinyFileManager versions prior to 2.7 **Description** A path traversal issue exists in the POST Parameter Handler component within the '/filemanager.php' file. Remote attackers can manipulate the `file[]` argument to access files and directories outside the intended folder. **Recommendations** Update to a version newer than 2.6. As a temporary workaround, restrict access to the '/filemanager.php' file or avoid using the `file[]` parameter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** prasathmani TinyFileManager versions prior to 2.7 **Description** An issue in the File Upload Handler component allows for server-side request forgery, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs through the manipulation of the `uploadurl` argument within the '/filemanager.php?p= ajax=true&type=upload' endpoint. The attack can be initiated remotely. **Recommendations** Update to a version newer than 2.6. As a temporary workaround, restrict access to the '/filemanager.php?p= ajax=true&type=upload' endpoint or avoid using the `uploadurl` parameter until a patch is applied.

Name of the Vulnerable Software and Affected Versions provectus kafka-ui versions up to 0.7.2 Description A code injection issue exists in the `validateAccess` function within the Endpoint component, specifically in the file `/api/smartfilters/testexecutions`. This can be triggered remotely. The exploit is publicly available. Recommendations Update to a version newer than 0.7.2.

**Name of the Vulnerable Software and Affected Versions** projectsend versions prior to r1946 **Description** A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the `includes/Classes/Auth.php` file. Manipulating the `ldap email` argument can cause an observable discrepancy in the response. The attack can be executed remotely and is associated with a high level of complexity. The exploit has been published. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update projectsend to version r1946 or later.

**Name of the Vulnerable Software and Affected Versions** projectsend versions prior to r1945 **Description** A flaw exists in projectsend that allows for path traversal. This issue affects the `realpath` function within the `/import-orphans.php` file of the Delete Handler component. Manipulating the `files[]` argument can lead to unauthorized access. Remote exploitation is possible, and an exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Update projectsend to a version later than r1945. As a temporary workaround, restrict access to the `/import-orphans.php` file.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.5.4 **Description** SiYuan is a personal knowledge management system with a stored Cross-Site Scripting (XSS) issue. An attacker can inject arbitrary HTML attributes into the `icon` attribute of a block through the `/api/attr/setBlockAttrs` API endpoint. The payload is rendered unsanitized in the dynamic icon feature, leading to stored XSS and potentially remote code execution (RCE) in the desktop environment. This bypasses a previous fix for issue #15970. The vulnerable parameter is `icon`. **Recommendations** Update to version 3.5.4 or later.

**Name of the Vulnerable Software and Affected Versions** pankajindevops scale (affected versions not specified) **Description** A vulnerability was found in pankajindevops scale, allowing for cross-site scripting. The manipulation of the `goal` argument leads to this issue. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product uses continuous delivery with rolling releases, and therefore, no version details of affected nor updated releases are available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.