Ashutosh Barot

**Name of the Vulnerable Software and Affected Versions** Rapid7 InsightVM (affected versions not specified) **Description** The issue arises from insufficient session expiration when an administrator makes a security-relevant edit to an existing, logged-on user. For instance, if a user's password is changed by an administrator due to a credential leak, the user account's current session remains valid after the password change. This could allow an attacker who initially compromised the credential to stay logged in and cause further damage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rapid7 InsightVM (affected versions not specified) **Description** The issue allows an attacker to expose information by utilizing the Inspect Element browser feature when a user's session has ended due to inactivity. This enables the attacker to remove the login panel and view the details available in the last webpage visited by the previous user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rapid7 Nexpose versions prior to 6.6.114 **Description** The issue allows an attacker to expose information when a user's session has ended due to inactivity. By using the inspect element browser feature, an attacker can remove the login panel and view the details available in the last webpage visited by the previous user. **Recommendations** For versions prior to 6.6.114, update to version 6.6.114 or later to resolve the issue. As a temporary workaround, consider implementing a shorter session timeout to minimize the window of opportunity for an attacker to exploit the issue. Additionally, restrict access to the inspect element browser feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quick Heal Total Security versions prior to 19.0 **Description** The issue concerns the transmission of quarantine and sysinfo files via clear text. This means that sensitive information could be intercepted and read by unauthorized parties. **Recommendations** For versions prior to 19.0, update to version 19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the quarantine and sysinfo files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Quick Heal Total Security versions prior to 19.0 **Description** The issue allows attackers with local admin rights to modify sensitive anti-virus settings via a brute-force attack on the settings password. This can be exploited by attackers to compromise the security of the system. **Recommendations** For versions prior to 19.0, update to version 19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings password to prevent brute-force attacks until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Quick Heal Total Security versions prior to 19.0 **Description** The issue allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the `password`. This can be exploited by attackers to gain unauthorized access to sensitive files. **Recommendations** For versions prior to 19.0, update to version 19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Vault or implementing additional security measures to prevent brute-force attacks on the `password`.

**Name of the Vulnerable Software and Affected Versions** NiceHash Miner versions prior to 2.0.3.0 **Description** A missing rate limit in the process of adding a wallet via email address allows remote attackers to submit a large number of email addresses, potentially identifying valid ones. This issue can be exploited in conjunction with a username enumeration technique to enumerate a large number of valid users' email addresses. **Recommendations** For versions prior to 2.0.3.0, update to version 2.0.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the wallet addition feature via email address to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NiceHash Miner versions prior to 2.0.3.0 **Description** A Username Enumeration via Error Message issue was discovered because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. **Recommendations** For versions prior to 2.0.3.0, update to version 2.0.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NiceHash Miner versions prior to 2.0.3.0 **Description** An issue allows an adversary to gain access to a miner's information, including recent payments, unclaimed balance, old balance, projected payout, and mining statistics such as profitability and efficiency, by exploiting missing authorization. A valid email address is required to retrieve this information. **Recommendations** For versions prior to 2.0.3.0, update to version 2.0.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 **Description** The issue allows an attacker to perform harmful database operations by deceiving a user into clicking on a crafted URL, potentially leading to actions such as deleting records or dropping/truncating tables. **Recommendations** For phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7, update to version 4.7.6.1 or 4.7.7, or later, to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations until the update can be applied.