
Agix

#13381 of 53,622
19.8 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2017-3098
10
2017-04-18
Tenable · Tenable Appliance · CVE-2017-8051
**Name of the Vulnerable Software and Affected Versions**

Tenable Appliance versions 3.5 through 4.4.0

Tenable Appliance versions prior to 3.5

**Description**

The issue is related to a flaw in the simpleupload.py script in the Web UI, which allows a remote attacker to inject arbitrary commands by manipulating the `tns appliance session user` parameter. This can enable the attacker to execute commands remotely.

**Recommendations**

For Tenable Appliance versions 3.5 through 4.4.0, consider disabling the simpleupload.py script in the Web UI until a patch is available.

For Tenable Appliance versions prior to 3.5, restrict access to the Web UI to minimize the risk of exploitation.

As a temporary workaround, avoid using the `tns appliance session user` parameter in the affected API endpoint until the issue is resolved.
PT-2017-8442
9.8
2017-01-23
Magento · Magento Ce · CVE-2016-4010
**Name of the Vulnerable Software and Affected Versions**

Magento CE and EE versions prior to 2.0.6

**Description**

The issue allows remote attackers to conduct PHP object injection attacks, enabling them to execute arbitrary PHP code. This is achieved by sending crafted serialized shopping cart data.

**Recommendations**

For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.