Elhussain Fathy

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.29 **Description** Cacti is a performance and fault management framework. A flaw exists in the SNMP device configuration functionality due to insufficient input validation. An authenticated Cacti user can provide crafted SNMP community strings containing control characters, which are stored and used in backend SNMP operations. In environments where downstream SNMP tooling interprets these characters as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. **Recommendations** Update to Cacti version 1.2.29 or later.

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform (affected versions not specified) Description: The issue is related to a race condition vulnerability affecting the web console of the SolarWinds Platform. It involves synchronization errors when using a shared resource. The vulnerability can be exploited by a remote attacker to perform a brute force attack. The vulnerable endpoint is "/Orion/Login.aspx". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.