Atlassian · Jira · CVE-2010-1165
**Name of the Vulnerable Software and Affected Versions**
Atlassian JIRA versions 3.12 through 4.1
**Description**
The issue allows remote authenticated administrators to execute arbitrary code by modifying certain paths and then uploading a file. This has been exploited in the wild.
**Recommendations**
Update installations running versions 3.12 through 4.1 to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting file uploads and modifying the attachment, index, and backup paths to minimize the risk of exploitation.