Benjamin Kunz Mejri

**Name of the Vulnerable Software and Affected Versions** Anvsoft PDFMate PDF Converter Pro version 1.7.5.0 **Description** A critical issue has been found, leading to memory corruption. The attack can be launched remotely. **Recommendations** For Anvsoft PDFMate PDF Converter Pro version 1.7.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Air Transfer versions 1.0.14 through 1.2.1 **Description** A problematic issue has been found, affecting some unknown functionality, which leads to basic cross site scripting. The attack can be launched remotely. **Recommendations** For Air Transfer versions 1.0.14 through 1.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 7.5 SP2 **Description** The issue is related to multiple cross-site scripting (XSS) vulnerabilities in the media main.php component. These vulnerabilities can be exploited via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor`, and `CKEditorFuncNum` parameters. The vulnerability is associated with a lack of protection for the web page structure, allowing a remote attacker to conduct XSS attacks. **Recommendations** For DedeCMS version 7.5 SP2, consider disabling the media main.php component or restricting access to the vulnerable parameters `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor`, and `CKEditorFuncNum` until a patch is available. Additionally, avoid using the `CKEditor` and `CKEditorFuncNum` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SugarCRM version 6.5.18 Description: The issue allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the `primary address state` or `alternate address state` input fields in the Support module. This enables the execution of malicious code on the victim's browser. Recommendations: For SugarCRM version 6.5.18, update to a version that includes a fix for this issue, as the current version allows for the execution of arbitrary web scripts or HTML via crafted payloads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Download Manager version 6.37.11.1 **Description** The issue is related to a stack buffer overflow in the Export/Import function, allowing attackers to escalate local process privileges via a crafted ef2 file. **Recommendations** For Internet Download Manager version 6.37.11.1, consider disabling the Export/Import function as a temporary workaround until a patch is available. Restrict access to the ef2 file type to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sky File version 2.1.0 **Description** The issue allows attackers to access sensitive data and files via 'null' path commands due to a directory traversal vulnerability in the FTP server. **Recommendations** For Sky File version 2.1.0, consider restricting access to the FTP server until a patch is available. As a temporary workaround, avoid using 'null' path commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nong Ge File Explorer version 1.4 **Description** The issue is related to the authentication mechanism, allowing unauthenticated access to sensitive data. **Recommendations** For Nong Ge File Explorer version 1.4, update to a newer version that contains a fix for this issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeedDMS Content Management System version 6.0.7 **Description** The issue is a persistent cross-site scripting (XSS) vulnerability. It is located in the AddEvent.php component and can be exploited via the `name` and `comment` parameters. **Recommendations** For SeedDMS Content Management System version 6.0.7, as a temporary workaround, consider restricting input for the `name` and `comment` parameters in the AddEvent.php component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fork CMS Content Management System version 5.8.0 **Description** A cross-site scripting (XSS) issue was found in the `Displayname` field when using the `Add`, `Edit`, or `Register` functions. This allows attackers to execute arbitrary web scripts or HTML. **Recommendations** For Fork CMS Content Management System version 5.8.0, consider disabling the `Displayname` field in the `Add`, `Edit`, or `Register` functions until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using the `Displayname` field in these functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DedeCMS version 7.5 SP2 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities found in the sys admin user edit.php component. These vulnerabilities can be exploited via the `filename`, `mid`, `userid`, and `templet` parameters. Recommendations: For DedeCMS version 7.5 SP2, consider disabling the sys admin user edit.php component or restricting access to it until a patch is available. Avoid using the `filename`, `mid`, `userid`, and `templet` parameters in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Internet Download Manager version 6.37.11.1 Description: A stack buffer overflow was discovered in the Search function, allowing attackers to escalate local process privileges. Recommendations: For Internet Download Manager version 6.37.11.1, consider disabling the Search function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: TAO Open Source Assessment Platform version 3.3.0 RC02 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `rubric name` value, exploiting a cross-site scripting (XSS) vulnerability in the `content` parameter of the Rubric Block (Add) module. Recommendations: For TAO Open Source Assessment Platform version 3.3.0 RC02, consider disabling the Rubric Block (Add) module until a patch is available to prevent exploitation of the XSS vulnerability in the `content` parameter. Avoid using the `rubric name` value in the affected module to minimize the risk of arbitrary web script execution.

**Name of the Vulnerable Software and Affected Versions** Portable Ltd Playable version 9.18 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted POST request, exploiting a code injection vulnerability in the `filename` parameter. **Recommendations** For Portable Ltd Playable version 9.18, consider restricting access to the vulnerable `filename` parameter to minimize the risk of exploitation until a patch is available. Avoid using the `filename` parameter in affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: DedeCMS version 7.5 SP2 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities found in the file manage view.php component. These vulnerabilities can be exploited via the `filename`, `mid`, `userid`, and `templet` parameters. Recommendations: For DedeCMS version 7.5 SP2, consider restricting access to the file manage view.php component until a patch is available. As a temporary workaround, avoid using the `filename`, `mid`, `userid`, and `templet` parameters in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Draytek VigorAP 1000C (affected versions not specified) **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `username` input field. The vulnerability is associated with a lack of protection for the web page structure, which can be exploited by a remote attacker to conduct an XSS attack. **Recommendations** As a temporary workaround, consider disabling the RADIUS Setting - RADIUS Server Configuration module until a patch is available. Restrict access to the RADIUS Server Configuration to minimize the risk of exploitation. Avoid using the `username` input field in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DONG JOO CHO File Transfer iFamily version 2.1 **Description** The issue allows directory traversal related to the ./etc/ path. This means an attacker could potentially access files or directories outside the intended directory structure by manipulating the path. **Recommendations** For DONG JOO CHO File Transfer iFamily version 2.1, consider restricting access to sensitive directories and files to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to traverse directories using the ./etc/ path.

**Name of the Vulnerable Software and Affected Versions** FortiGate FortiDB versions prior to 4.4.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling. Remote attackers can inject arbitrary web script or HTML via the `conversationContext` parameter to various API endpoints, including "admin/auditTrail.jsf", "mapolicymgmt/targetsMonitorView.jsf", "vascan/globalsummary.jsf", "vaerrorlog/vaErrorLog.jsf", "database/listTargetGroups.jsf", "sysconfig/listSystemInfo.jsf", "vascan/list.jsf", "network/router.jsf", "mapolicymgmt/editPolicyProfile.jsf", or "mapolicymgmt/maPolicyMasterList.jsf". **Recommendations** For FortiGate FortiDB versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is applied. Avoid using the `conversationContext` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FortiWeb versions prior to 4.4.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `redir` or `mkey` parameter to "waf/pcre expression/validate". **Recommendations** For versions prior to 4.4.4, update to version 4.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "waf/pcre expression/validate" endpoint to minimize the risk of exploitation. Avoid using the `redir` and `mkey` parameters in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SonicWall Global Management System (GMS) version 8.1 Description: The issue concerns an XSS vulnerability. It is exploited via the `newName` and `Name` values of the "/sgms/TreeControl" module. Recommendations: For SonicWall Global Management System (GMS) version 8.1, consider restricting access to the `/sgms/TreeControl` module until a patch is available. As a temporary workaround, avoid using the `newName` and `Name` values in the affected module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Icy Phoenix version 2.2.0.105 Description: The issue allows SQL injection via an unapprove request to "admin kb art.php" or the `order` parameter to "admin jr admin.php", related to "functions kb.php". Recommendations: For Icy Phoenix version 2.2.0.105, consider restricting access to the "admin kb art.php" and "admin jr admin.php" files until a patch is available, and avoid using the `order` parameter in the "admin jr admin.php" endpoint to minimize the risk of exploitation.