Aryan Chehreghani

**Name of the Vulnerable Software and Affected Versions** WordPress Picture Gallery version 1.4.2 **Description** A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts via the 'Edit Content URL' field within the Access Control settings. JavaScript payloads entered into the plugin options are stored in the database and executed when the functionality is triggered, which can lead to credential theft or session hijacking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HTTPDebuggerPro version 9.11 **Description** The software contains an unquoted service path issue that may allow local attackers to execute arbitrary code with elevated system privileges. The issue stems from an unquoted binary path within the service configuration, potentially enabling attackers to inject malicious executables and gain elevated access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cmder Console Emulator version 1.3.18 **Description** The software is susceptible to a buffer overflow issue. An attacker can leverage this to cause a denial of service by supplying a specially crafted .cmd file. The crafted file contains repeated characters designed to overwhelm the application’s buffer, leading to a crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cyberfox Web Browser version 52.9.1 **Description** The Cyberfox Web Browser version 52.9.1 is subject to a denial of service condition. An attacker can cause the application to crash by providing an excessively large input—specifically, a 9,000,000 byte payload—to the search bar. This input overflows the search bar, leading to an application crash. **Recommendations** Update to a newer version of Cyberfox Web Browser that addresses this issue. As a temporary workaround, limit the amount of data that can be entered into the search bar.

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop version 2.9.2 **Description** Telegram Desktop version 2.9.2 contains a denial of service issue that allows attackers to crash the application. This is achieved by sending an oversized message payload, specifically a 9 million byte buffer, which is pasted into the messaging interface. This action triggers an application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeamSpeak version 3.5.6 **Description** TeamSpeak 3.5.6 has a file permissions issue that allows local attackers to replace executable files with malicious binaries. An attacker can replace system executables, such as `ts3client win32.exe`, with custom files, potentially gaining SYSTEM or Administrator-level access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cain & Abel version 4.9.56 **Description** The software contains an unquoted service path, potentially allowing local attackers to execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions. **Recommendations** Ensure the service path is enclosed in quotes to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-124 ME version 1.00 **Description** An unauthenticated attacker can retrieve router settings by sending a specific POST request. This allows access to a complete backup file containing sensitive network credentials and system configurations. The vulnerable endpoint is a configuration endpoint accepting POST requests. **Recommendations** Apply a configuration change to restrict access to the configuration endpoint.

**Name of the Vulnerable Software and Affected Versions** Sophos Firewall versions prior to v18.5 MR3 (18.5.3) Sophos XG Firewall version 17.0.10 MR-10 **Description** An authentication bypass issue exists in the User Portal and Webadmin components of Sophos Firewall, potentially allowing a remote attacker to execute code. The vulnerability allows bypassing authentication, granting unauthorized access to the firewall management interface. Reports indicate a significant surge in exploitation attempts, with a 435% increase observed recently. The vulnerability has been exploited in attacks involving the Pigmy Goat malware, a Linux rootkit used by Chinese threat actors. This malware leverages the vulnerability (CVE-2022-1040) to gain backdoor access to Sophos XG firewalls. The malware utilizes techniques like `LD PRELOAD` hijacking to intercept and manipulate SSH connections, establishing a command and control channel. The `accept` function within the SSH daemon is targeted for code execution. The vulnerability has also been linked to other threat actors and malware families, including NoodleRAT, AcidRain, and AcidPour. The exploitation involves sending a crafted POST request to the `/userportal/Controller` **API Endpoint** with a specific `json` parameter (`{"x":"test"}`). The vulnerability affects systems running Linux. **Recommendations** Sophos Firewall versions prior to v18.5 MR3 (18.5.3) should be updated to a newer, secure version. Sophos XG Firewall version 17.0.10 MR-10 should be updated to a newer, secure version. As a temporary workaround, consider disabling the User Portal and Webadmin interfaces if they are not essential. Restrict access to the `/userportal/Controller` **API Endpoint** to minimize the risk of exploitation. Monitor network traffic for suspicious activity related to SSH connections and ICMP packets.

**Name of the Vulnerable Software and Affected Versions** SEOWON INTECH SLC-130 and SLR-120S devices (affected versions not specified) **Description** The issue allows for Remote Code Execution via the `ipAddr` parameter to the "system log.cgi" page. This enables an attacker to execute arbitrary code on the affected devices. **Recommendations** For SEOWON INTECH SLC-130 and SLR-120S devices, avoid using the `ipAddr` parameter in the "system log.cgi" page until a fix is available. As a temporary workaround, consider restricting access to the "system log.cgi" page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.