Cyku

**Name of the Vulnerable Software and Affected Versions** aEnrich Technology a+HRD (affected versions not specified) **Description** The issue concerns a lack of proper restrictions on a specific parameter in the front-end retrieval of system configuration values. This allows attackers to modify the parameter and access certain sensitive system configuration values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** a+HRD (affected versions not specified) **Description** The issue concerns the functionality for downloading files using youtube-dl.exe in a+HRD, which does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kaifa Technology WebITR (affected versions not specified) **Description** The file uploading function in Kaifa Technology WebITR does not restrict the upload of files with dangerous types. A remote attacker with regular user privileges can exploit this issue to upload arbitrary files, allowing them to perform arbitrary commands or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kaifa Technology WebITR (affected versions not specified) **Description** The issue is related to the use of a hard-coded encryption key in the WebITR online attendance system. This allows an unauthenticated remote attacker to generate a valid token parameter and exploit the vulnerability to access the system with an arbitrary user account, including the administrator's account. The attacker can then execute the login account's permissions and obtain relevant information. The vulnerability can be exploited to elevate privileges to the level of an administrator. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kaifa Technology WebITR (affected versions not specified) **Description** The issue is related to insufficient validation for user input within a special function in Kaifa Technology WebITR, an online attendance system. This allows a remote attacker with regular user privilege to inject arbitrary SQL commands to read the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kaifa Technology WebITR (affected versions not specified) **Description** The issue concerns Kaifa Technology WebITR, an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from an error message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Galaxy Software Services Vitals ESP versions 3.0.8 through 6.2.0 **Description** The issue is related to the use of a hard-coded encryption key in Galaxy Software Services Vitals ESP. An unauthenticated remote attacker can generate a valid `token` parameter and exploit this to access the system, operate processes, and access data. **Recommendations** For versions 3.0.8 through 6.2.0, consider disabling the use of the hard-coded encryption key as a temporary workaround until a patch is available. Restrict access to sensitive processes and data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HGiga iSherlock versions 4.5 before iSherlock-user-4.5-174 HGiga iSherlock versions 5.5 before iSherlock-user-5.5-174 **Description** The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection'. This allows OS Command Injection in HGiga iSherlock. **Recommendations** For HGiga iSherlock versions 4.5 before iSherlock-user-4.5-174, update to a version after iSherlock-user-4.5-174. For HGiga iSherlock versions 5.5 before iSherlock-user-5.5-174, update to a version after iSherlock-user-5.5-174.