Gionathan Reale

**Name of the Vulnerable Software and Affected Versions** Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 **Description** The issue allows for tweb/ft.php?u= attacks, which can lead to XSS attacks. **Recommendations** For Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14, as a temporary workaround, consider restricting access to the tweb/ft.php endpoint until a patch is available. Avoid using the `u` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GAT-Ship Web Module versions prior to 1.40 **Description** The issue allows authenticated attackers to upload any file type to the server via the "Documents" area, which is related to the "uploadDocFile.aspx" endpoint. **Recommendations** For versions prior to 1.40, update to version 1.40 or later to resolve the issue. As a temporary workaround, consider restricting access to the "uploadDocFile.aspx" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Uniqkey Password Manager version 1.14 **Description** A security issue was found where the login credentials and URL are sent in cleartext within a pop-up window. This pop-up appears when a user enters new credentials for a site not registered in the product, and it remains on any page the user visits until a decision is made. The code of this pop-up, identified by `id="uniqkey-password-popup"` and related to `password-popup/popup.html`, can be accessed by remote servers, potentially allowing malicious servers to obtain the sensitive information. **Recommendations** For Uniqkey Password Manager version 1.14, consider disabling the password saving feature temporarily until a fix is available to prevent the exposure of login credentials. Restrict access to the `password-popup/popup.html` module to minimize the risk of exploitation. Avoid using the affected pop-up window, identified by `id="uniqkey-password-popup"`, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uniqkey Password Manager version 1.14 **Description** An issue was discovered in Uniqkey Password Manager where the code of a pop-up window can be read and manipulated by remote servers. This pop-up window appears when entering new credentials to an unregistered site, asking the user to save these credentials. The window remains on any page the user visits until a decision is made. A malicious web server can manipulate the pop-up, causing it not to appear and preventing users from securing their credentials. This issue is related to the elements `id="uniqkey-password-popup"` and `password-popup/popup.html`. **Recommendations** For Uniqkey Password Manager version 1.14, as a temporary workaround, consider disabling the pop-up window related to `id="uniqkey-password-popup"` and `password-popup/popup.html` until a patch is available. Restrict access to the `password-popup/popup.html` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free MP3 CD Ripper version 2.6 **Description** The issue is a stack-based buffer overflow that occurs when converting a file, allowing remote attackers to execute arbitrary code via a crafted .mp3 file. This can be exploited with user assistance. **Recommendations** For Free MP3 CD Ripper version 2.6, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free MP3 CD Ripper version 2.6 **Description** The issue is a stack-based buffer overflow that occurs when converting a file, allowing remote attackers to execute arbitrary code via a crafted .wma file. This can be exploited when a user assists the attack, such as by opening a malicious file. **Recommendations** For Free MP3 CD Ripper version 2.6, avoid converting .wma files from untrusted sources until a patch is available. As a temporary workaround, consider disabling the file conversion feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) **Description** The issue makes it easier for attackers to estimate whether a Word document contains a token, due to limited variation in size, metadata, and timestamp. **Recommendations** For Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01), at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PilusCart version 1.4.1 **Description** The issue allows for a CSRF attack via the "index.php?module=users&action=newUser" endpoint, potentially leading to the addition of a new user with administrator privileges. **Recommendations** For PilusCart version 1.4.1, as a temporary workaround, consider restricting access to the "index.php?module=users&action=newUser" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vembu StoreGrid version 4.4.x **Description** The issue concerns Vembu StoreGrid, where there is XSS in several PHP files, including interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. **Recommendations** For Vembu StoreGrid version 4.4.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vembu StoreGrid version 4.4.x **Description** The issue concerns the server web interface of Vembu StoreGrid, where the front page leaks the private IP address. This leak occurs due to incorrect processing of an index.php trailing slash, which discloses the private IP address in the `ipaddress` hidden form value of the HTML source code. **Recommendations** For Vembu StoreGrid version 4.4.x, consider modifying the index.php page to correctly process trailing slashes and remove the disclosure of the private IP address in the `ipaddress` hidden form value. As a temporary workaround, restrict access to the server web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WaveMaker Studio version 6.6 **Description** The issue in WaveMaker Studio arises from the mishandling of the `studioService.download` method, specifically with the `inUrl` parameter. This mishandling leads to the disclosure of local files and enables Server-Side Request Forgery (SSRF) attacks. SSRF occurs when an attacker can manipulate a server into making requests to internal or external resources, potentially leading to unauthorized access or information disclosure. **Recommendations** For WaveMaker Studio version 6.6, as a temporary workaround, consider restricting access to the `studioService.download` method, especially for the `inUrl` parameter, until a patch is available. Additionally, avoid using the `inUrl` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HAProxy package before 0.59 16 for pfSense **Description** The issue is related to Cross-Site Scripting (XSS) via the `desc` (also known as Description) or `table actionsaclN` parameter. This is connected to the files `haproxy listeners.php` and `haproxy listeners edit.php`. **Recommendations** For HAProxy package before 0.59 16 for pfSense, update to version 0.59 16 or later to resolve the issue. As a temporary workaround, consider restricting access to the `haproxy listeners.php` and `haproxy listeners edit.php` files to minimize the risk of exploitation. Avoid using the `desc` and `table actionsaclN` parameters in the affected API endpoints until the issue is resolved.