MobaXterm · MobaXterm · CVE-2024-48200
**Name of the Vulnerable Software and Affected Versions**
MobaXterm version 24.2
**Description**
The remove function of the MobaXterm MSI spawns an administrative cmd console (conhost.exe). A local attacker can use this to escalate privileges and execute arbitrary code of their choosing.
**Recommendations**
For MobaXterm version 24.2, as a temporary workaround, consider disabling the remove function of the MobaXterm MSI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
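While no fixed version is known, process-creation telemetry can be checked for the behaviour the description names: an elevated console process descending from the installer. The following is an added example, not part of the original advisory or vendor code; it assumes events in Sysmon Event ID 1 field layout, and the sample events, GUIDs and function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

CONSOLE_IMAGES = {"cmd.exe", "conhost.exe"}
ELEVATED_LEVELS = {"High", "System"}


def ev(guid, parent, image, level):
    """Build one event using Sysmon Event ID 1 field names."""
    return {"ProcessGuid": guid, "ParentProcessGuid": parent,
            "Image": image, "IntegrityLevel": level}


# Constructed sample events (GUIDs and paths invented for illustration).
SAMPLE_EVENTS = [
    ev("g1", "g0", r"C:\Windows\System32\msiexec.exe", "System"),
    ev("g2", "g1", r"C:\Windows\System32\cmd.exe", "System"),
    ev("g3", "g2", r"C:\Windows\System32\conhost.exe", "System"),
    ev("g4", "g1", r"C:\Windows\System32\rundll32.exe", "System"),
    ev("g5", "g9", r"C:\Windows\explorer.exe", "Medium"),
    ev("g6", "g5", r"C:\Windows\System32\cmd.exe", "Medium"),
    ev("g7", "g6", r"C:\Windows\System32\conhost.exe", "Medium"),
    ev("g8", "g5", r"C:\Windows\System32\cmd.exe", "High"),
]


def image_name(event):
    """Lower-cased executable name from a Windows path."""
    return PureWindowsPath(event["Image"]).name.lower()


def has_msiexec_ancestor(event, by_guid):
    """Walk ParentProcessGuid links; stop on unknown parents or loops."""
    seen = set()
    parent = by_guid.get(event["ParentProcessGuid"])
    while parent is not None and parent["ProcessGuid"] not in seen:
        if image_name(parent) == "msiexec.exe":
            return True
        seen.add(parent["ProcessGuid"])
        parent = by_guid.get(parent["ParentProcessGuid"])
    return False


def find_installer_consoles(events):
    """Return elevated console processes that descend from msiexec.exe."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    return [e for e in events
            if image_name(e) in CONSOLE_IMAGES
            and e["IntegrityLevel"] in ELEVATED_LEVELS
            and has_msiexec_ancestor(e, by_guid)]
```

Legitimate installers also launch console helpers as SYSTEM, so treat hits as leads to triage rather than confirmed exploitation.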