Giulio Comi

**Name of the Vulnerable Software and Affected Versions** HTTPie versions prior to 1.0.3 **Description** The issue allows an attacker to perform an Open Redirect, enabling them to write an arbitrary file with a supplied filename and content to the current directory. This is achieved by redirecting a request from HTTP to a crafted URL pointing to a server under the attacker's control. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Avaya Aura Orchestration Designer versions prior to 7.2.1 **Description** A CSRF issue in the Runtime Config component could allow an attacker to modify administrative settings, including adding, changing, or removing them. **Recommendations** For versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RSA Archer versions 6.1.x through 6.3.x prior to 6.3.0.7 RSA Archer versions 6.4.x prior to 6.4.0.1 **Description** The issue allows a malicious user to potentially execute SQL commands on the back-end database to read certain data due to a SQL injection vulnerability in the WorkPoint component. **Recommendations** For RSA Archer versions 6.1.x through 6.3.x prior to 6.3.0.7, upgrade the embedded WorkPoint component to version 4.10.16. For RSA Archer versions 6.4.x prior to 6.4.0.1, upgrade the embedded WorkPoint component to version 4.10.16.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-3782 version V100R001B012 **Description** A flaw in the authentication mechanism of the Login Panel allows unauthenticated attackers to perform arbitrary modification to passwords and configurations while an administrator is logged into the web panel. This issue is related to deficiencies in the authentication procedure, which can be exploited by a remote attacker to bypass authentication and gain access to confidential information using a specially crafted request. **Recommendations** For D-Link DSL-3782 version V100R001B012, as a temporary workaround, consider restricting access to the Login Panel until a patch is available. Additionally, limit the use of the web panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Voting System version 1.0 **Description** A flaw in the profile section allows an unauthenticated user to set an arbitrary password for other accounts. **Recommendations** For Online Voting System version 1.0, as a temporary workaround, consider disabling the profile section until a patch is available. Restrict access to the profile management functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.