Filippo Cavallarin

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 Security Update versions prior to 2019-004 High Sierra Security Update versions prior to 2019-004 Sierra **Description** The issue allows an attacker to bypass Gatekeeper by extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker-controlled. This is achieved through files mounted through a network share. **Recommendations** For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6. For Security Update versions prior to 2019-004 High Sierra, apply Security Update 2019-004 High Sierra. For Security Update versions prior to 2019-004 Sierra, apply Security Update 2019-004 Sierra.

**Name of the Vulnerable Software and Affected Versions** PostfixAdmin version 2.3.4 **Description** The issue concerns multiple XSS vulnerabilities. **Recommendations** For PostfixAdmin version 2.3.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue involves the `HelpViewer` component and allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents, which is a cross-site scripting (XSS) issue. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `HelpViewer` component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Postfix Admin versions prior to 2.3.5 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the `pw` parameter to the `pacrypt` function when `mysql encrypt` is configured, or through unspecified vectors used in backup files generated by `backup.php`. **Recommendations** For versions prior to 2.3.5, update to version 2.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pacrypt` function and limiting the generation of backup files by `backup.php` until the update is applied. Avoid using the `pw` parameter in the `pacrypt` function when `mysql encrypt` is configured, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OSClass versions prior to 2.3.6 **Description** The issue allows remote attackers to read and write arbitrary files via a .. (dot dot) in the `type` parameter in combine.php. This can be leveraged to upload arbitrary files. **Recommendations** For versions prior to 2.3.6, update to version 2.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the combine.php file to minimize the risk of exploitation. Avoid using the `type` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mibew Messenger versions 1.6.4 and earlier **Description** The issue allows remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences. This can be achieved via the `address` or `threadid` parameters to "operator/ban.php", or the `geolinkparams`, `title`, or `chattitle` parameters to "operator/settings.php". **Recommendations** For Mibew Messenger versions 1.6.4 and earlier, consider disabling access to the "operator/ban.php" and "operator/settings.php" endpoints until a patch is available. Restrict the use of the `address`, `threadid`, `geolinkparams`, `title`, and `chattitle` parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.