Dahmani Toumi

**Name of the Vulnerable Software and Affected Versions** WebinarIgnition versions prior to 4.08.253 **Description** WebinarIgnition contains an issue where improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a technique where an attacker asks the database true or false questions and determines the answer based on the application's response. **Recommendations** Update to version 4.08.253 or later.

**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab versions through 9.8 SP2 (9.8.2.12) **Description** A vulnerability exists in the NuPoint Unified Messaging (NPM) component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. **Recommendations** Update to a version later than 9.8 SP2 (9.8.2.12).