Code16

**Name of the Vulnerable Software and Affected Versions** Hex Rays Ida Pro version 6.6 **Description** A memory corruption issue allows attackers to cause a Denial of Service (DoS) via a crafted file. This issue is related to Data from Faulting Address controls subsequent Write Address starting at `msvcrt!memcpy+0x0000000000000056`. **Recommendations** For Hex Rays Ida Pro version 6.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nagios XI version 5.7.2 Description: The issue allows an authenticated user to inject additional commands into a normal webapp query, resulting in a remote code execution (RCE) vulnerability. Recommendations: For Nagios XI version 5.7.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NagiosXI version 5.6.11 **Description** The issue allows an authenticated nagiosadmin user to inject additional commands into a request, potentially leading to remote code execution. The vendor disputes the actionability of the vulnerability due to omitted technical details, which may be disclosed at a later time through a subscription service. **Recommendations** For NagiosXI version 5.6.11, consider restricting access to authenticated users and limiting the ability to inject commands into requests as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ActivePresenter version 6.1.6 Description: The issue is a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. Recommendations: For ActivePresenter version 6.1.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Support Incident Tracker (aka SiT! or SiTracker) version 3.67 p2 **Description** The issue allows post-authentication SQL injection via several parameters, including `typeid` or `site` in "site edit.php", `search title` in "search incidents advanced.php", or `criteriafield` in "report qbe.php". **Recommendations** For version 3.67 p2, consider disabling access to the vulnerable parameters `typeid`, `site`, `search title`, and `criteriafield` in the respective PHP files until a patch is available. Restrict access to the "site edit.php", "search incidents advanced.php", and "report qbe.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zen Load Balancer version 3.10.1 **Description** The issue allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in certain parameters. Specifically, the parameters `cert issuer`, `cert division`, `cert organization`, `cert locality`, `cert state`, `cert country`, or `cert email` in the `index.cgi` are vulnerable. **Recommendations** For Zen Load Balancer version 3.10.1, consider restricting access to the `index.cgi` until a patch is available, and avoid using shell metacharacters in the `cert issuer`, `cert division`, `cert organization`, `cert locality`, `cert state`, `cert country`, or `cert email` parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zen Load Balancer version 3.10.1 **Description** The issue allows remote authenticated administrators to conduct absolute path traversal attacks. This can be demonstrated by sending a request to the "index.cgi" endpoint with a `filelog` parameter set to `/etc/shadow`, allowing access to sensitive files. **Recommendations** For Zen Load Balancer version 3.10.1, consider restricting access to the `index.cgi` endpoint or limiting the `filelog` parameter to prevent path traversal attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.6.11 **Description** The issue allows for cross-site scripting (XSS) attacks via the `theme` parameter in the "account/main.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users who access the page. **Recommendations** For Nagios XI version 5.6.11, as a temporary workaround, consider restricting access to the "account/main.php" endpoint until a patch is available. Avoid using the `theme` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.6.11 **Description** The issue allows for XSS via the `password` parameter in the includes/components/ldap ad integration/ endpoint. **Recommendations** For Nagios XI version 5.6.11, avoid using the `password` parameter in the includes/components/ldap ad integration/ endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Artica Proxy version 4.26 **Description** The issue allows remote command execution for an authenticated user via shell metacharacters in the `hostname` field. This can be exploited by including shell metacharacters in the "Modify the hostname" field. **Recommendations** For Artica Proxy version 4.26, consider restricting access to the "Modify the hostname" field to prevent the inclusion of shell metacharacters until a patch is available. As a temporary workaround, validate and sanitize user input in the "Modify the hostname" field to prevent command execution.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.6.11 **Description** The issue allows for XSS via the `username` parameter in the includes/components/ldap ad integration/ endpoint. **Recommendations** For Nagios XI version 5.6.11, avoid using the `username` parameter in the affected endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the includes/components/ldap ad integration/ endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Centreon version 19.10 **Description** The issue allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the `server ip` field in JSON data in an "api/internal.php?object=centreon configuration remote" request. **Recommendations** For Centreon version 19.10, as a temporary workaround, consider restricting access to the "api/internal.php?object=centreon configuration remote" endpoint until a patch is available. Avoid using the `server ip` field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 11.0 **Description** The issue allows for XSS attacks through the `joinfiles`, `topic`, or `code` parameter, or the HTTP Referer header. **Recommendations** For Dolibarr version 11.0, consider restricting access to the vulnerable parameters `joinfiles`, `topic`, and `code` to minimize the risk of exploitation. Additionally, restrict the use of the HTTP Referer header until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.6.9 **Description** The issue allows an authenticated user to execute arbitrary OS commands via shell metacharacters in the `id` parameter to "schedulereport.php", in the context of the web-server user account. **Recommendations** For Nagios XI version 5.6.9, avoid using the `id` parameter in the "schedulereport.php" endpoint until the issue is resolved. Consider restricting access to the schedulereport.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.6.9 **Description** The issue exists due to a cross-site scripting (XSS) flaw. This flaw can be exploited via the `nocscreenapi.php` `host`, `hostgroup`, or `servicegroup` parameter, or the `schedulereport.php` `hour` or `frequency` parameter. Any authenticated user can potentially attack the admin user. **Recommendations** For Nagios XI version 5.6.9, consider restricting access to the `nocscreenapi.php` and `schedulereport.php` scripts until a patch is available. As a temporary workaround, avoid using the `host`, `hostgroup`, `servicegroup`, `hour`, or `frequency` parameters in the affected scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LiquiFire OS version 4.8.0 **Description** The issue allows for Server-Side Request Forgery (SSRF) via the `call%3Durl` substring followed by a URL in square brackets. This can potentially be exploited by manipulating the URL to access internal resources or services. **Recommendations** For LiquiFire OS version 4.8.0, as a temporary workaround, consider restricting access to the `call%3Durl` substring to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Free Photo Viewer version 1.3 **Description** The issue allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH. **Recommendations** For Free Photo Viewer version 1.3, consider avoiding the use of crafted BMP and/or TIFF files until a patch is available. As a temporary workaround, restrict the opening of potentially malicious image files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Eximious Logo Designer version 3.82 **Description** The issue is related to a User Mode Write AV starting at ExiVectorRender!StrokeText Blend+0x00000000000003a7. **Recommendations** For Eximious Logo Designer version 3.82, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Eximious Logo Designer version 3.82 **Description** The issue is related to Heap Corruption, specifically starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. **Recommendations** For Eximious Logo Designer version 3.82, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Eximious Logo Designer version 3.82 **Description** The issue concerns a User Mode Write AV in Eximious Logo Designer, specifically starting at the `ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053` location. This indicates a problem with the `BuildGradientColorsTable` function within the `CGradientColorsProfile` class of the `ExiCustomPathLib` library. **Recommendations** For Eximious Logo Designer version 3.82, as a temporary workaround, consider disabling the `BuildGradientColorsTable` function until a patch is available. Restrict access to the `ExiCustomPathLib` library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.