Exodus Intelligence

**Name of the Vulnerable Software and Affected Versions** WatchGuard Fireware OS versions 11.11 through 11.12.4+541730 WatchGuard Fireware OS versions 12.0 through 12.11.4 WatchGuard Fireware OS versions 12.5 through 12.5.13 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 **Description** A remote, unauthenticated attacker could potentially retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface due to an XPath Injection issue. This impacts Firebox systems with at least one authentication hotspot configured. The vulnerability involves the exploitation of XPath queries to access configuration data. The vulnerable component is the authentication or management web interface. **Recommendations** WatchGuard Fireware OS version 11.11 through 11.12.4+541730 should be updated. WatchGuard Fireware OS version 12.0 through 12.11.4 should be updated. WatchGuard Fireware OS version 12.5 through 12.5.13 should be updated. WatchGuard Fireware OS version 2025.1 through 2025.1.2 should be updated.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2024R1.2 **Description** Nagios XI versions prior to 2024R1.2 have a command injection issue in the Docker Wizard. A lack of proper input validation allows a user with administrator privileges to inject shell metacharacters. This can lead to arbitrary command execution with the privileges of the Nagios XI web application user. The vulnerable component is the Docker Wizard, where user-supplied input is not sufficiently validated before being used in backend command invocations. **Recommendations** Update Nagios XI to version 2024R1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2024R1.2 **Description** The software contains a flaw due to insufficient validation of inbound NRDP (Nagios Remote Data Processor) request parameters. This allows crafted input to reach command execution paths, potentially enabling an attacker to execute arbitrary commands on the underlying host in the context of the web/Nagios service. The issue affects the NRDP server plugins. **Recommendations** Update to version 2024R1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2024R1.2 **Description** Nagios XI versions prior to 2024R1.2 have a privilege escalation issue related to how NagVis configuration data (specifically, `nagvis.conf`) is handled. An authenticated user may be able to gain higher-level access on the Nagios XI system by manipulating NagVis configuration data or exploiting inadequately validated configuration settings. **Recommendations** Update to version 2024R1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Webroot SecureAnywhere - Web Shield versions prior to 2.1.2.3 **Description** The issue is related to an Improper Check for Unusual or Exceptional Conditions vulnerability in the wrURL.Dll modules of Webroot SecureAnywhere - Web Shield, allowing Functionality Misuse. This vulnerability affects the Web Shield component on various platforms, including Windows, ARM, 64 bit, and 32 bit. **Recommendations** For versions prior to 2.1.2.3, update to version 2.1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wrURL.Dll modules until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Webroot SecureAnywhere - Web Shield versions prior to 2.1.2.3 **Description** The issue is related to a 'Type Confusion' vulnerability in the wrUrl.Dll modules of Webroot SecureAnywhere - Web Shield, allowing functionality misuse. This vulnerability affects Webroot SecureAnywhere - Web Shield on various Windows systems, including ARM, 64-bit, and 32-bit architectures. **Recommendations** For versions prior to 2.1.2.3, update to version 2.1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wrUrl.Dll modules until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Webroot SecureAnywhere - Web Shield versions prior to 2.1.2.3 **Description** The issue is related to a Type Confusion vulnerability in the wrUrl.Dll modules of Webroot SecureAnywhere - Web Shield, allowing functionality misuse. This vulnerability affects Webroot SecureAnywhere - Web Shield on Windows for ARM, 64-bit, and 32-bit systems. **Recommendations** For versions prior to 2.1.2.3, update to version 2.1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wrUrl.Dll modules until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Softaculous Webuzo (affected versions not specified) **Description** The issue allows remote, anonymous attackers to exploit an authentication bypass vulnerability through the password reset functionality, potentially gaining full server access as the root user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Softaculous Webuzo (affected versions not specified) **Description** The issue is related to a command injection in the password reset functionality. A remote, authenticated attacker can exploit this to gain code execution on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Softaculous Webuzo (affected versions not specified) **Description** The issue is related to a command injection vulnerability in the FTP management functionality. This allows a remote, authenticated attacker to exploit the vulnerability and gain code execution on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola MR2600 (affected versions not specified) **Description** An authentication bypass issue exists in the web component, allowing an attacker to access protected URLs and retrieve sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola MR2600 (affected versions not specified) **Description** A command injection vulnerability exists in the `SaveStaticRouteIPv4Params` parameter. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however, it can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Data Loss Prevention versions 14.0.2 and earlier **Description** A buffer overflow issue exists, allowing a remote, unauthenticated attacker to exploit it by enticing a user to open a crafted document, which can lead to code execution. **Recommendations** For Symantec Data Loss Prevention versions 14.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola MR2600 (affected versions not specified) **Description** An arbitrary firmware upload issue exists, allowing an attacker to achieve code execution on the device. Although authentication is required, it can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola MR2600 (affected versions not specified) **Description** A command injection vulnerability exists in the `SaveStaticRouteIPv6Params` parameter. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however, it can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Merge Healthcare eFilm Workstation (affected versions not specified) **Description** A buffer overflow exists in the license server of IBM Merge Healthcare eFilm Workstation. This issue can be exploited by a remote, unauthenticated attacker to achieve remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Messaging Gateway versions 9.5 and before **Description** A buffer overflow issue exists, allowing a remote, anonymous attacker to achieve remote code execution as root. **Recommendations** For Symantec Messaging Gateway versions 9.5 and before, update to a version that fixes this issue to prevent remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Merge Healthcare eFilm Workstation (affected versions not specified) **Description** An improper privilege management issue exists, allowing a local, authenticated attacker to escalate privileges to SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Merge Healthcare eFilm Workstation (affected versions not specified) **Description** A stack-based buffer overflow exists in the license server of IBM Merge Healthcare eFilm Workstation. This issue can be exploited by a remote, unauthenticated attacker to achieve remote code execution with SYSTEM privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Deployment Solution version 7.9 **Description** A buffer overflow vulnerability exists when parsing `UpdateComputer` tokens. A remote, anonymous attacker can exploit this issue to achieve remote code execution as SYSTEM. **Recommendations** For Symantec Deployment Solution version 7.9, update to a version that includes a fix for the buffer overflow vulnerability in the `UpdateComputer` token parsing mechanism. As a temporary workaround, consider restricting access to the `UpdateComputer` token parsing functionality until a patch is available.