Guest

**Name of the Vulnerable Software and Affected Versions** Compuware iStrobe Web version 20.13 **Description** The software contains a pre-authentication remote code execution issue. Unauthenticated attackers can upload malicious JSP files through a path traversal flaw in the file upload form. Exploitation involves sending POST requests to the uploaded JSP endpoint, utilizing the `fileName` parameter to upload a web shell and execute arbitrary commands. **Recommendations** Apply updates to address the path traversal issue in the file upload form. Restrict access to the file upload functionality. Monitor network traffic for suspicious POST requests targeting the JSP endpoint.

**Name of the Vulnerable Software and Affected Versions** Novell Client versions 4.91 SP5 Novell Client 2 versions SP2, SP3 **Description** The issue is related to an integer overflow in kernel drivers, specifically NWFS.SYS and NCPL.SYS, which might allow local users to gain privileges. This can be achieved via a crafted 0x1439EB IOCTL call. **Recommendations** For Novell Client version 4.91 SP5, consider restricting access to the NWFS.SYS kernel driver until a patch is available. For Novell Client 2 versions SP2 and SP3, consider disabling the NCPL.SYS kernel driver as a temporary workaround to minimize the risk of exploitation.