Dio Lin

**Name of the Vulnerable Software and Affected Versions** CAYIN Technology CMS (affected versions not specified) **Description** The issue concerns a lack of proper access control in the CAYIN Technology CMS, which allows unauthenticated remote attackers to download arbitrary CGI files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CAYIN Technology CMS (affected versions not specified) **Description** The issue concerns the specific CGI of the CAYIN Technology CMS, which fails to properly validate user input. This allows a remote attacker with administrator privileges to inject OS commands into a specific parameter and execute them on the remote server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wade Graphic Design FANTSY (affected versions not specified) **Description** The issue is related to an insufficient authorization check, allowing an unauthenticated remote user to exploit it by modifying URL parameters. This can lead to the user gaining administrator privileges, enabling them to perform arbitrary system operations or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wade Graphic Design FANTSY (affected versions not specified) **Description** The issue is related to insufficient filtering for file type in the file update function. An authenticated remote attacker with general user privilege can exploit this to upload a PHP file containing a webshell, allowing for arbitrary system operation or service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue allows remote attackers to inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. This can be done by manipulating the URL parameter, which is vulnerable to SQL injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue allows attackers to inject and launch SQL commands through a URL parameter, potentially leading to SQL Injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue is related to improper validation of specific parameters, allowing attackers to launch command inject attacks remotely and execute arbitrary commands on the system. This can be exploited to gain unauthorized access and control over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue is related to a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns a weak authentication flaw in HGiga MailSherlock, where attackers can grant privileges remotely due to a default password generation mechanism. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns the function that views the source code in HGiga MailSherlock, which fails to validate specific characters. This flaw allows remote attackers to download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns a lack of proper validation for specific URL parameters, allowing attackers to inject JavaScript syntax and execute XSS attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns the lack of validation for user parameters on multiple login pages, allowing attackers to inject JavaScript syntax for cross-site scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Atop Technology industrial 3G/4G gateway (affected versions not specified) **Description** The issue is related to a Command Injection vulnerability. It occurs due to insufficient input validation in the device's web management interface, allowing attackers to inject specific code and execute system commands without privilege. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.