Blue0X1

**Name of the Vulnerable Software and Affected Versions** Deskflow versions prior to 1.20.0 Deskflow versions prior to 1.26.0.134 **Description** The Deskflow daemon runs with SYSTEM privileges and exposes an Inter-Process Communication (IPC) named pipe with the `WorldAccessOption` enabled. This configuration allows any local unprivileged user to execute arbitrary commands as SYSTEM because the daemon processes privileged commands without authentication. **Recommendations** Update to a version later than 1.20.0. Update to a version later than 1.26.0.134.

**Name of the Vulnerable Software and Affected Versions** GuppY CMS version 6.00.10 **Description** The issue allows remote attackers to execute arbitrary code by uploading a php file, due to an Unrestricted File Upload. **Recommendations** For GuppY CMS version 6.00.10, update to a version that fixes the Unrestricted File Upload issue to prevent remote attackers from executing arbitrary code.