Dong-Jie Chen

**Name of the Vulnerable Software and Affected Versions** eAI Technologies ERP versions prior to F2 **Description** The software is susceptible to a DLL hijacking issue. Authenticated local attackers can exploit this by placing a crafted DLL file in the same directory as the program, which allows for arbitrary code execution. **Recommendations** Restrict access to the software and monitor for suspicious DLL files.

**Name of the Vulnerable Software and Affected Versions** Property Management System from ChanGate (affected versions not specified) **Description** The Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) (affected versions not specified) **Description** The email search interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this issue for Command Injection attacks. This enables the execution of arbitrary system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) (affected versions not specified) **Description** The account management interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this issue to download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga iSherlock versions (affected versions not specified) MailSherlock versions (affected versions not specified) SpamSherock versions (affected versions not specified) AuditSherlock versions (affected versions not specified) **Description** The system configuration interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this issue for Command Injection attacks, enabling execution of arbitrary system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) (affected versions not specified) **Description** The system configuration interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this issue and download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArmorX Spam (affected versions not specified) **Description** The issue is related to insufficient validation for user input within a special function, allowing an unauthenticated remote attacker to inject arbitrary SQL commands and access, modify, or delete the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailSherlock (affected versions not specified) **Description** The issue is related to insufficient filtering for user input in the MailSherlock query function for connection logs. This allows an authenticated remote attacker with administrator privileges to inject and execute arbitrary system commands, potentially leading to disruption of service or performance of arbitrary system operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue is related to insufficient filtering for user input in a specific function of HGiga MailSherlock. This allows an unauthenticated remote attacker to inject JavaScript, leading to a reflected XSS attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue is related to insufficient access control, allowing an unauthenticated remote user to access partial content of another user's mail. This can be achieved by modifying the `user ID` and `mail ID` within the URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailSherlock (affected versions not specified) **Description** The issue is related to the lack of protection against SQL query structure exploitation in the email audit record platform. This can be exploited by a remote attacker to execute arbitrary SQL queries. An authenticated remote attacker with administrator privileges can inject SQL commands to read, modify, and delete the database due to insufficient validation of user input in the mail query function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga PowerStation (affected versions not specified) **Description** The issue is related to a lack of authentication for a critical function due to insufficient protection of service data, which can allow a remote attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service. An unauthenticated remote attacker can exploit this to obtain the administrator's credential, which can then be used to login to PowerStation or Secure Shell to achieve remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OAKlouds Portal (affected versions not specified) **Description** The issue is related to insufficient validation for user input in the Meeting Room of the OAKlouds Portal website. This allows a remote attacker with general user privileges to perform SQL-injection attacks, which can result in accessing, modifying, or deleting the database, performing system operations, and disrupting the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.