Guy Hayou

**Name of the Vulnerable Software and Affected Versions** Enterprise Web Applications (affected versions not specified) **Description** The software contains a Server-Side Request Forgery (SSRF) flaw. This issue allows an attacker to potentially make requests on behalf of the server, potentially accessing internal resources or performing actions with the server's privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. (affected versions not specified) **Description** The software is susceptible to unrestricted file uploads of dangerous types. This allows for the potential execution of malicious code or compromise of system integrity through the upload and processing of crafted files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** This issue involves improper neutralization of input during web page generation, potentially leading to Cross-Site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** The issue involves Multiple XSS (CWE-79), which is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or modification of sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tecnick TCExam (affected versions not specified) **Description** The issue is related to Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. This can lead to the execution of malicious scripts on the client-side. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tecnick TCExam (affected versions not specified) **Description** The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection. This occurs because special elements in an SQL command are not properly neutralized, allowing for potential exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VaeMendis (affected versions not specified) **Description** The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting. This allows attackers to inject malicious scripts into web pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VaeMendis (affected versions not specified) **Description** The issue is related to Cross-Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VaeMendis (affected versions not specified) **Description** The issue concerns exposure of sensitive information to unauthorized actors, classified as CWE-200. This occurs when sensitive information is improperly exposed to individuals who should not have access to it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 7Twenty (affected versions not specified) **Description** The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vantiva - MediaAccess DGA2232 version 19.4 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting. **Recommendations** For version 19.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Soundminer (affected versions not specified) **Description** The issue is related to improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This is a type of security weakness that can allow an attacker to access files or directories that are outside the intended directory tree. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 7Twenty BOT (affected versions not specified) **Description** The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting. This allows attackers to inject malicious scripts into web pages. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.