Erpaciocco

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Outlook (affected versions not specified) **Description** A flaw exists in Microsoft Office Outlook that could allow an unauthorized attacker to perform spoofing over a network, potentially exposing sensitive information. This issue allows attackers to affect the system through spoofing techniques. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eXtplorer version 2.1.14 **Description** eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious PHP files and execute remote commands on the vulnerable file management system. The vulnerability is exploitable via manipulation of the login process. The affected API endpoint is the login function. The vulnerable parameter is the login request. **Recommendations** Apply a fix for eXtplorer version 2.1.14 to address the authentication bypass.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word (affected versions not specified) **Description** The issue is related to a lack of protection for sensitive data in Microsoft Word, which can be exploited to disclose protected information. This allows an attacker to obtain sensitive information and potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EVE-NG version 2.0.3-112 Community **Description** The issue is related to an arbitrary file upload vulnerability in the `apiImportLabs` function within `api labs.php`. This vulnerability allows attackers to execute arbitrary code by uploading a crafted UNL file. **Recommendations** For EVE-NG version 2.0.3-112 Community, consider disabling the `apiImportLabs` function in `api labs.php` as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the `api labs.php` file to minimize the risk of arbitrary code execution. Avoid using the `apiImportLabs` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Axios Italia Axios RE versions 1.7.0 through 7.0.0 **Description** The issue affects the Error Message Handler component, leading to information disclosure, specifically ASP.NET. The manipulation can be initiated remotely. **Recommendations** For versions 1.7.0 through 7.0.0, consider restricting access to the Error Message Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the Error Message Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axios Italia Axios RE versions 1.7.0 through 7.0.0 **Description** A critical issue was found in the Connection Handler component, specifically affecting the REDefault.aspx file. The manipulation of the `DBIDX` argument leads to privilege escalation. This issue can be exploited remotely. **Recommendations** For versions 1.7.0 through 7.0.0, consider restricting access to the Connection Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the `DBIDX` argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.