Benjamin K.M

**Name of the Vulnerable Software and Affected Versions** TELESTAR Bobs Rock Radio version (affected versions not specified) Dabman D10 version (affected versions not specified) Dabman i30 Stereo version (affected versions not specified) Imperial i110 version (affected versions not specified) Imperial i150 version (affected versions not specified) Imperial i200 version (affected versions not specified) Imperial i200-cd version (affected versions not specified) Imperial i400 version (affected versions not specified) Imperial i450 version (affected versions not specified) Imperial i500-bt version (affected versions not specified) Imperial i600 TN81HH96-g102h-g102 version (affected versions not specified) **Description** The issue is related to insufficient access control for various commands. The affected commands include `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo`. **Recommendations** For TELESTAR Bobs Rock Radio, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Dabman D10, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Dabman i30 Stereo, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i110, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i150, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i200, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i200-cd, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i400, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i450, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i500-bt, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available. For Imperial i600 TN81HH96-g102h-g102, restrict access to the `/set dname`, `/mylogo`, `/LocalPlay`, `/irdevice.xml`, `/Sendkey`, `/setvol`, `/hotkeylist`, `/init`, `/playlogo.jpg`, `/stop`, `/exit`, `/back`, and `/playinfo` commands until a fix is available.

**Name of the Vulnerable Software and Affected Versions** TELESTAR Bobs Rock Radio version (affected versions not specified) Dabman D10 version (affected versions not specified) Dabman i30 Stereo version (affected versions not specified) Imperial i110 version (affected versions not specified) Imperial i150 version (affected versions not specified) Imperial i200 version (affected versions not specified) Imperial i200-cd version (affected versions not specified) Imperial i400 version (affected versions not specified) Imperial i450 version (affected versions not specified) Imperial i500-bt version (affected versions not specified) Imperial i600 TN81HH96-g102h-g102 version (affected versions not specified) **Description** The issue is related to an undocumented TELNET service within the BusyBox subsystem, which can lead to root access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Barracuda Message Archiver version 2018 **Description** The issue concerns an XSS vulnerability in the error msg exception-handling value for the `ldap user` parameter to the `cgi-mod/ldap load entry.cgi` module. The injection point of the issue is the Add Update module. **Recommendations** For Barracuda Message Archiver version 2018, consider restricting access to the `cgi-mod/ldap load entry.cgi` module until a fix is available, and avoid using the `ldap user` parameter in this module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PhotoRange Photo Vault version 1.2 **Description** The issue allows remote attackers to bypass intended GET restrictions via a brute-force approach. This is because the password is appended to the URI for authorization. For example, attackers can use "GET /login.html passwd1" and "GET /login.html passwd2" and so on to bypass restrictions. **Recommendations** For PhotoRange Photo Vault version 1.2, consider modifying the authorization mechanism to prevent passwords from being appended to the URI, thereby preventing brute-force attacks. As a temporary workaround, restrict access to the login endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Electron Forum version 1.0.9 **Description** A persistent XSS issue is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content, enabling remote attackers to inject malicious script code payloads as a private message. The injection point is the editor `FTP Link` element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. **Recommendations** For Advanced Electron Forum version 1.0.9, consider disabling the `FTP Link` element in the `Private Message` module until a patch is available to prevent the injection of malicious script code payloads. Restrict access to the private message module to minimize the risk of exploitation. Avoid using the `FTP Link` element in the private message editor until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Weblication CMS Core & Grid version 12.6.24 **Description** A cross-site scripting (XSS) issue was found in the Weblication CMS Core & Grid. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is the Project `Title`, and the execution point is the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts can inject malicious script code to compromise user session credentials or manipulate the web-application module output context. The injection is done through the POST request method. **Recommendations** For Weblication CMS Core & Grid version 12.6.24, consider disabling the `wFilemanager.php` and `index.php` files in the `/grid5/scripts/` modules as a temporary workaround until a patch is available. Restrict access to the `Inhaltsprojekte` output listing section to minimize the risk of exploitation. Avoid using the `Title` field in the Project section until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through v0.9.8.12 Description: The issue concerns an XSS vulnerability. It can be exploited via the `id` parameter to the `phpini editor` module or the `email address` parameter to the `mail add-new` module in the `index.php` file. Recommendations: For versions through v0.9.8.12, avoid using the `id` parameter in the `phpini editor` module and the `email address` parameter in the `mail add-new` module until a fix is available. As a temporary workaround, consider restricting access to these modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kentico versions 9.0 through 11.0 **Description** The issue is related to a stack-based buffer overflow that can occur via the `SqlName`, `SqlPswd`, `Database`, `UserName`, or `Password` field in a SilentInstall XML document. However, the vendor disputes this issue, stating that neither a buffer overflow nor a crash can be reproduced, and that reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework. **Recommendations** For Kentico versions 9.0 through 11.0, consider restricting access to the SilentInstall XML document to minimize the risk of exploitation, as a temporary workaround, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices **Description** The issue is related to a Cross-Site Scripting (XSS) problem. It affects the CFS Custom Category and Cloud AV DB Exclusion Settings screens. **Recommendations** For SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices, consider disabling access to the CFS Custom Category and Cloud AV DB Exclusion Settings screens until a fix is available. Restrict user input in these areas to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices **Description** The issue is related to a Cross-Site Scripting (XSS) vulnerability, which occurs via the Configure SSO screens. This allows for potential malicious script execution. **Recommendations** For SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices, consider disabling access to the Configure SSO screens as a temporary workaround until a fix is available. Restricting user input in these screens can also help minimize the risk of exploitation.