Ewerson Guimaraes

**Name of the Vulnerable Software and Affected Versions** Up.Time Monitoring Station versions 7.4.0 (build 13) through 7.5.0 (build 16) **Description** An issue in post2file.php allows an attacker to upload arbitrary files, including .php files that can execute arbitrary OS commands. **Recommendations** For versions 7.4.0 (build 13) through 7.5.0 (build 16), consider restricting access to the post2file.php script until a fix is available. As a temporary workaround, disabling the execution of uploaded files can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Technicolor Router TD5130 version 2.05.C29GV **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `failrefer` parameter. This can be exploited by including a malicious URL in the `failrefer` parameter, potentially leading to phishing attacks. **Recommendations** For Technicolor Router TD5130 version 2.05.C29GV, as a temporary workaround, consider restricting access to the `failrefer` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Informix Dynamic Server (IDS) versions 11.50 before 11.50.xC9W2 IBM Informix Dynamic Server (IDS) versions 11.70 before 11.70.xC5 **Description** A stack-based buffer overflow issue allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement. **Recommendations** For IBM Informix Dynamic Server (IDS) versions 11.50 before 11.50.xC9W2, update to version 11.50.xC9W2 or later. For IBM Informix Dynamic Server (IDS) versions 11.70 before 11.70.xC5, update to version 11.70.xC5 or later.