Exo · Exo · CVE-2022-32278
**Name of the Vulnerable Software and Affected Versions**
XFCE version 4.16
**Description**
Attackers can execute arbitrary code because `xdg-open` can execute a `.desktop` file hosted on an attacker-controlled FTP server. The issue stems from errors in security settings in the exo application library of the XFCE desktop environment. A remote attacker may exploit it to execute arbitrary code using a specially crafted `.desktop` file.
**Recommendations**
For XFCE version 4.16, to prevent the execution of possibly malicious `.desktop` files from online sources, consider updating to a version in which this issue has been addressed, that is, one that includes changes preventing the execution of `.desktop` files from sources such as `ftp://` or `http://`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
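As an interim control, a wrapper can refuse `.desktop` targets that are not on the local filesystem before they reach `xdg-open`. The following is an added example, not code from exo or XFCE; the function names, the name-based check and the `.example` hosts are assumptions made for illustration.

```python
import subprocess
from urllib.parse import urlsplit, unquote

# Assumption: a file:// URI counts as local only with an empty host or "localhost".
LOCAL_HOSTS = {"", "localhost"}

def is_remote_desktop_launcher(target: str) -> bool:
    """True when target names a .desktop file that is not on the local filesystem."""
    parts = urlsplit(target.strip())
    scheme = parts.scheme.lower()
    # Percent-decode and lowercase so "a%2EDesktop" is treated as "a.desktop".
    path = unquote(parts.path).lower()
    if not path.endswith(".desktop"):
        return False
    if scheme == "":
        return False  # plain local path, no URI scheme
    if scheme == "file":
        return (parts.hostname or "") not in LOCAL_HOSTS
    return True  # ftp://, http://, https:// and any other network scheme

def guarded_open(target: str) -> int:
    """Hypothetical wrapper: hand target to xdg-open unless it is a remote launcher."""
    if is_remote_desktop_launcher(target):
        raise PermissionError(f"refusing remote .desktop launcher: {target}")
    return subprocess.run(["xdg-open", target], check=False).returncode

if __name__ == "__main__":
    # Constructed sample targets; the hosts do not exist.
    samples = [
        "ftp://files.example/pub/launcher.desktop",
        "HTTP://files.example/a%2EDesktop?x=1",
        "file://nas.example/share/app.desktop",
        "file:///usr/share/applications/app.desktop",
        "/home/user/.local/share/applications/app.desktop",
        "ftp://files.example/pub/readme.txt",
    ]
    for s in samples:
        verdict = "block" if is_remote_desktop_launcher(s) else "allow"
        print(f"{verdict:5}  {s}")
```

The check works on the URI name only, so it does not cover a launcher file served under a different extension.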