Adhkr

**Name of the Vulnerable Software and Affected Versions** Vitogate 300 (affected versions not specified) **Description** An OS command injection issue exists in the Vitogate 300. A malicious user can exploit this to compromise affected installations. The issue is present in the `/cgi-bin/vitogate.cgi` API endpoint when the `form` JSON parameter is set to `form-0-2`. The vulnerability occurs because input is not properly sanitized before being used in a format string passed to the `popen()` function at offset 0x21c24. This allows an authenticated attacker to inject arbitrary OS commands and achieve code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CData API Server (affected versions not specified) **Description** CData API Server installations are susceptible to information disclosure. Remote attackers who have authentication can exploit this issue. The flaw resides in the configuration of MySQL connections, where the product allows the MySQL server to request local files from the MySQL client. This can lead to the disclosure of sensitive information within the context of NETWORK SERVICE. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.