Ertuğrul Kuzgun

Name of the Vulnerable Software and Affected Versions: Reel Sektör Hazine ve Risk Yönetimi Yazılımı versions through 1.0.0.4 Description: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability exists in Reel Sektör Hazine ve Risk Yönetimi Yazılımı, allowing SQL Injection. This is identified as CAPEC - 7 - Blind SQL Injection. Recommendations: Versions prior to 1.0.0.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Next4Biz CRM & BPM Software Business Process Management (BPM) versions 6.6.4.4 through 6.6.4.4 **Description** The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions 6.6.4.4, update to version 6.6.4.5 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Next4Biz CRM & BPM Software Business Process Management (BPM) versions 6.6.4.4 through 6.6.4.4 Description: The issue is related to improper control of generation of code, also known as 'Code Injection', which allows remote code inclusion. This can potentially lead to unauthorized access and execution of malicious code. Recommendations: For versions 6.6.4.4, update to version 6.6.4.5 or later to resolve the issue.