Anna Katarina Quinn

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** An unauthenticated HTTP GET request to the "/client.php" endpoint will disclose the default administrator user credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the "/config.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetFax Server (affected versions not specified) **Description** An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the "/test.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.