Carl Livitt

**Name of the Vulnerable Software and Affected Versions** Imperva Web Application Firewall (WAF) versions prior to 2021-12-23 **Description** The issue allows remote unauthenticated attackers to use `Content-Encoding: gzip` to evade security controls and send malicious HTTP POST requests to web servers behind the WAF. **Recommendations** For versions prior to 2021-12-23, update to a version released after 2021-12-23 to resolve the issue. As a temporary workaround, consider restricting the use of `Content-Encoding: gzip` in HTTP requests until a patch is available.

**Name of the Vulnerable Software and Affected Versions** AsteriDex versions 3.0 and earlier **Description** The issue allows remote attackers to inject arbitrary shell commands via the `IN` and `OUT` parameters in the callboth.php file. **Recommendations** For AsteriDex versions 3.0 and earlier, consider restricting access to the callboth.php file until a patch is available. As a temporary workaround, avoid using the `IN` and `OUT` parameters in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SalesLogix version 6.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL statements via the `id` parameter in a view operation. **Recommendations** For SalesLogix version 6.1, avoid using the `id` parameter in view operations until a fix is available. As a temporary workaround, consider restricting access to the view operation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SalesLogix version 6.1 **Description** The issue allows remote attackers to execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack. Additionally, it could allow attackers to obtain the database password via a GetConnection request to TCP port 1707. **Recommendations** For SalesLogix version 6.1, consider implementing authentication verification for sensitive operations to prevent unauthorized access. As a temporary workaround, restrict access to TCP port 1707 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SalesLogix version 6.1 **Description** A directory traversal issue allows remote attackers to upload arbitrary files by including a .. (dot dot) in a "ProcessQueueFile" request. **Recommendations** For SalesLogix version 6.1, consider restricting access to the ProcessQueueFile request to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SalesLogix version 6.1 **Description** The issue allows remote authenticated users to potentially create arbitrary files and execute code. This is achieved by using client-specified pathnames for writing certain files, specifically through the `vMME.AttachmentPath` or `vMME.LibraryPath` variables. **Recommendations** For SalesLogix version 6.1, consider restricting access to the `vMME.AttachmentPath` and `vMME.LibraryPath` variables to minimize the risk of exploitation. Additionally, limit the ability of remote authenticated users to write files to specific directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SalesLogix version 6.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, via an invalid HTTP request. This might also lead to the leakage of sensitive information in the `ErrorLogMsg` cookie. **Recommendations** For SalesLogix version 6.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SalesLogix version 6.1 **Description** The issue allows remote attackers to bypass authentication. This is achieved by modifying the `slxweb` cookie to set `user=Admin`, `teams=ADMIN!`, and `usertype=Administrator`. **Recommendations** For SalesLogix version 6.1, as a temporary workaround, consider restricting access to the authentication mechanism until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** plptools package (affected versions not specified) **Description** The issue concerns a format string vulnerability in the mpmain.c file for plpnfsd. This vulnerability allows remote attackers to execute arbitrary code through the functions (1) debuglog, (2) errorlog, and (3) infolog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.