D-Link · D-Link DI-500WF · CVE-2025-7194
Name of the Vulnerable Software and Affected Versions:
D-Link DI-500WF version 17.04.10A1T
Description:
A critical issue exists in the use of the `sprintf` function in the `ip position.asp` file of the `jhttpd` component. Manipulating the `ip` argument leads to a stack-based buffer overflow. The issue can be exploited remotely. An exploit has been publicly disclosed and may be used.
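The bug class described above, shown as an unchecked `sprintf` next to a validated, bounded form. This is an added example, not D-Link firmware code and not part of the original advisory; the function names, the `ip=%s` format, the 32-byte buffer and the assumption that `ip` is meant to carry an IPv4 address are all hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define OUT_MAX 32 /* assumed size of the handler's fixed stack buffer */

/* Unsafe pattern: nothing bounds strlen(ip), so a long request value is
 * written past the end of `out` (stack-based buffer overflow, CWE-121). */
int format_ip_unsafe(char out[OUT_MAX], const char *ip)
{
    return sprintf(out, "ip=%s", ip);
}

/* Hardened form: parse the value as IPv4, re-serialise it, and format with
 * an explicit bound. Returns 0 on success, -1 when the input is rejected. */
int format_ip_checked(char *out, size_t out_len, const char *ip)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];
    int n;

    if (out == NULL || out_len == 0 || ip == NULL)
        return -1;
    out[0] = '\0';
    /* A dotted quad is at most 15 characters; refuse anything longer. */
    if (memchr(ip, '\0', INET_ADDRSTRLEN) == NULL)
        return -1;
    if (inet_pton(AF_INET, ip, &addr) != 1)
        return -1;
    /* Only the canonical text of the parsed address reaches the formatter. */
    if (inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL)
        return -1;
    n = snprintf(out, out_len, "ip=%s", canon);
    if (n < 0 || (size_t)n >= out_len) { /* output would have been truncated */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[OUT_MAX];
    /* Constructed sample inputs: one valid address, two that must be refused. */
    const char *samples[] = { "192.168.0.1", "10.0.0.1xyz", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d '%s'\n", format_ip_checked(out, sizeof out, samples[i]), out);
    return 0;
}
```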
Recommendations:
For D-Link DI-500WF version 17.04.10A1T, as a temporary workaround, consider restricting access to the `ip position.asp` file or disabling the `jhttpd` component until a patch is available. Avoid using the `ip` argument in the affected `ip position.asp` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.