George Tsimpidas

**Name of the Vulnerable Software and Affected Versions** Liman version 0.7 **Description** The software contains a cross-site request forgery issue that allows attackers to manipulate user account settings without proper request validation. Attackers can create malicious HTML forms to change user passwords or modify account information by deceiving logged-in users into submitting unauthorized requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockstar Games Launcher version 1.0.37.349 **Description** A privilege escalation issue allows authenticated users to modify the service executable due to weak permissions. An attacker can replace the 'RockstarService.exe' file with a malicious binary to create a new administrator user and obtain elevated system access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Battle.Net version 1.27.1.12428 Description: The issue arises from a weak set of permissions granted to the `Authenticated Users Group`, which allows an authenticated user to modify the existing executable file with a binary of their choice, effectively elevating privileges. This is due to the group being granted the `(F) Flag` aka `Full Control`. Recommendations: For Battle.Net version 1.27.1.12428, consider restricting the permissions granted to the `Authenticated Users Group` to prevent elevation of privileges, specifically removing the `(F) Flag` aka `Full Control` to mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Guild Wars 2 launcher version 106916 Description: The issue arises from improper permissions set on the Guild Wars 2 directory and its contents, allowing any authenticated user to modify files, including the Gw2-64.exe executable. This is due to the 'F' flag (Full Control) being set for the 'Everyone' group, making the directory and its files world-writable. Recommendations: For Guild Wars 2 launcher version 106916, consider restricting the permissions on the Guild Wars 2 directory and its contents to prevent unauthorized modifications, specifically removing the 'F' flag (Full Control) for the 'Everyone' group.

**Name of the Vulnerable Software and Affected Versions** Mara CMS version 7.5 **Description** The issue allows cross-site scripting (XSS) in contact.php via the `theme` or `pagetheme` parameters. This means an attacker could potentially inject malicious scripts into the website, affecting users who visit the compromised page. **Recommendations** For Mara CMS version 7.5, as a temporary workaround, consider restricting access to the contact.php page or disabling the `theme` and `pagetheme` parameters until a patch is available. Avoid using the `theme` and `pagetheme` parameters in the affected contact.php page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.