Jaggar Henry

**Name of the Vulnerable Software and Affected Versions** Checkmk NagVis component (affected versions not specified) **Description** The NagVis component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Checkmk (affected versions not specified) **Description** The issue concerns the "NagVis" component within Checkmk, which is susceptible to remote code execution. An authenticated attacker with administrative level privileges can upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** Attackers with a valid `username` and `password` can exploit a python code injection vulnerability during the natural login flow. This issue allows for the injection of malicious python code, potentially leading to unauthorized access or control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WebUI version 0.1.105 **Description** The issue allows attackers to craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. This enables attackers to inject malicious scripts. **Recommendations** For Open WebUI version 0.1.105, patch immediately and validate user input to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows attacker-controlled files to be uploaded to arbitrary locations on the web server's filesystem by exploiting a path traversal vulnerability. This enables potential unauthorized access and modification of sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Journyx (affected versions not specified) **Description** The issue arises from the generation of password reset tokens using an insecure source of randomness. This allows attackers who are aware of the username of the Journyx installation user to brute-force the password reset, ultimately changing the administrator password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Journyx (affected versions not specified) **Description** The issue allows attackers to craft a malicious link that, when clicked, will execute arbitrary JavaScript in the context of the Journyx web application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** soap cgi.pyc (affected versions not specified) **Description** The issue allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources by including references to external entities in the XML body of SOAP requests to the "soap cgi.pyc" API handler. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VICIdial versions prior to 2.14-917a VICIdial version 2.14-917a **Description** An unauthenticated attacker can exploit a time-based SQL injection flaw in VICIdial to retrieve database records. The software, by default, stores credentials in plaintext within the database. An authenticated attacker with agent access can execute arbitrary shell commands as the root user. This root access can be chained with the SQL injection issue to further compromise the system. The vulnerability resides in the `VERM AJAX functions.php` script due to a lack of protection against SQL injection attacks. **Recommendations** VICIdial versions prior to 2.14-917a: Update to version 2.14-917a or later. VICIdial version 2.14-917a: Apply any available updates or patches to address the remote code execution issue.

**Name of the Vulnerable Software and Affected Versions** VICIdial (affected versions not specified) **Description** An authenticated attacker with agent access can execute arbitrary shell commands as the root user. This issue can be chained with another issue to execute arbitrary shell commands without authentication. The vulnerability relates to a lack of protection for the SQL query structure within the VERM AJAX functions.php script. Exploitation may allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artica Proxy (affected versions not specified) **Description** The issue allows services running and bound to the loopback interface on the Artica Proxy to be accessible through the proxy service. Specifically, the `tailon` service, which runs as the root user and listens on TCP port 7050, can be used to view the contents of any file on the Artica Proxy. Security issues related to exposing this network service are documented on gvalkov's `tailon` GitHub repository. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artica-Proxy (affected versions not specified) **Description** The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. A researcher has uncovered a severe flaw in the popular Artica Proxy appliance, leaving over 100,000 installations globally at risk. The bug could allow unauthenticated attackers to execute malicious code on affected servers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Artica Proxy administrative web application version 4.50 **Description** The Artica Proxy administrative web application deserializes arbitrary PHP objects supplied by unauthenticated users, enabling code execution as the "www-data" user. The application attempts to prevent local file inclusion, but these protections can be bypassed, allowing arbitrary file requests supplied by unauthenticated users to be returned according to the privileges of the "www-data" user. **Recommendations** For version 4.50, consider disabling the deserialization of PHP objects until a patch is available. Restrict access to the administrative web application to minimize the risk of exploitation. Avoid using the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** reconFTW versions prior to 2.7.1.1 **Description** A vulnerability has been identified in reconFTW where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious Content Security Policy (CSP) entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. **Recommendations** For versions prior to 2.7.1.1, upgrade to version 2.7.1.1 to address the issue. As a temporary workaround, consider restricting the use of the subdomain scanning feature until the upgrade is applied. Avoid using the tool for automated recon on untrusted domains until the issue is resolved.