Balazs Hambalko

**Name of the Vulnerable Software and Affected Versions** Files.com Fat Client version 3.3.6 **Description** The issue allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. **Recommendations** For Files.com Fat Client version 3.3.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gigamon GigaVUE version 5.5.01.11 **Description** An issue was discovered in the upload functionality, allowing an authenticated user to change the filename value in the POST method to achieve directory traversal via a ../ sequence. This could potentially allow an attacker to obtain a complete directory listing of the machine. **Recommendations** For Gigamon GigaVUE version 5.5.01.11, consider restricting access to the upload functionality until a patch is available. As a temporary workaround, avoid using the filename value in the POST method to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gigamon GigaVUE version 5.5.01.11 **Description** An issue was discovered in the upload functionality, allowing an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, it could yield remote code execution via the `filename` parameter. **Recommendations** For Gigamon GigaVUE version 5.5.01.11, consider restricting access to the upload functionality to prevent arbitrary file uploads until a patch is available. As a temporary workaround, avoid using the `filename` parameter in the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.