John Page

**Name of the Vulnerable Software and Affected Versions:** Mako Server versions 2.5 and 2.6 **Description:** An OS command injection vulnerability exists within the tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua `os.execute()` code to the `/examples/save.lsp` endpoint. This code is then persisted on disk and triggered via a subsequent GET request to `/examples/manage.lsp`, allowing remote command execution on the underlying operating system, impacting both Windows and Unix-based deployments. **Recommendations:** Mako Server version 2.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mako Server version 2.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i versions 7.3, 7.4, and 7.5 **Description** The issue allows an authenticated attacker to bypass Navigator for i interface restrictions by sending a specially crafted request, enabling them to remotely perform operations that the user is not allowed to perform when using Navigator for i. **Recommendations** For IBM i versions 7.3, 7.4, and 7.5, consider restricting access to the Navigator for i interface until a patch is available. As a temporary workaround, consider disabling the interface or limiting its functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 **Description** The issue is related to incorrect session management in IBM i Access Client Solutions, which can allow an attacker to intercept a user's session and disclose protected NT LAN Manager (NTLM) hash information. If NTLM is enabled, the Windows operating system will attempt to authenticate using the current user's session, potentially allowing a hostile server to capture the NTLM hash information and obtain the user's credentials. This is achieved by modifying UNC capable paths within the ACS configuration files to point to a hostile server. **Recommendations** For IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4, consider disabling NTLM authentication or restricting access to UNC capable paths within the ACS configuration files to minimize the risk of exploitation. As a temporary workaround, avoid using NTLM authentication until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Contacts (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows Contacts component of Windows operating systems. This can be exploited by an attacker to execute arbitrary code using a specially crafted malicious file. The estimated number of potentially affected devices worldwide is not available. There have been real-world incidents where this issue was exploited. Technical details about exploitation include the use of a specially created malicious file to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinGate version 9.4.1.5998 **Description** The issue allows local users to gain privileges by replacing an executable file with a Trojan horse due to insecure permissions for the installation directory. **Recommendations** For version 9.4.1.5998, consider restricting access to the installation directory to prevent local users from replacing executable files until a patch is available. As a temporary workaround, ensure that the directory permissions are set to prevent unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Avaya IP Office versions 9.x through 11.0.4.3 **Description** A sensitive information disclosure vulnerability was discovered in the web interface component of Avaya IP Office, potentially allowing a local user to gain unauthorized access to the component. This issue may lead to password disclosure. **Recommendations** For versions 9.x through 11.0.4.3, consider restricting access to the web interface component until a patch is available. As a temporary workaround, disabling the web interface component may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CarbonFTP version 1.4 **Description** The issue concerns the use of insecure proprietary password encryption in CarbonFTP. Specifically, the software uses a hard-coded weak encryption key for local FTP server passwords, which is embedded directly in the binary. This poses a significant risk to the security of passwords stored by the application. **Recommendations** For CarbonFTP version 1.4, consider disabling the use of the proprietary password encryption mechanism until a secure alternative is implemented. Restrict access to the local FTP server to minimize the risk of exploitation. Avoid using the hard-coded encryption key for any sensitive data storage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Security 2019 version 15 **Description** The issue allows an attacker to execute arbitrary code, potentially gaining elevated privileges and tampering with protected services by preventing them from starting. This can be achieved by disabling the services. It is noted that an attacker must already have administrator privileges on the target machine to exploit this issue. **Recommendations** For Trend Micro Security 2019 version 15, consider restricting access to protected services to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid disabling or modifying protected services to prevent potential tampering. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Security versions 15 through 160 **Description** A Persistent Arbitrary Code Execution issue exists in the Trend Micro Security consumer family of products, potentially allowing an attacker to create a malicious program to escalate privileges and attain persistence on a vulnerable system. **Recommendations** For versions 15 through 160, update to a version that contains a fix for this issue to prevent potential exploitation. As a temporary workaround, consider restricting access to sensitive system components to minimize the risk of privilege escalation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below **Description** The issue allows an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. **Recommendations** For versions 1.62.0.1218 and below, update to a version above 1.62.0.1218 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MAPLE WBT SNMP Administrator version 2.0.195.15 **Description** The issue is related to an Unauthenticated Remote Buffer Overflow in SnmpAdm.exe. This can be triggered via a long string to the CE Remote feature listening on Port 987. **Recommendations** For MAPLE WBT SNMP Administrator version 2.0.195.15, as a temporary workaround, consider disabling the CE Remote feature listening on Port 987 until a patch is available. Restrict access to the SnmpAdm.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hosting Controller HC10 version 10.14 **Description** The issue allows for an Invalid Pointer Write Denial of Service (DoS) in the HC.Server service. **Recommendations** For Hosting Controller HC10 version 10.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints (affected versions not specified) **Description** The issue is related to improper process resource handling in the system scanning component. This could allow a local attacker to disable the scanning functionality, enabling executable files to be launched without being analyzed for threats. An attacker could exploit this by gaining local access to a system running Microsoft Windows and executing a malicious file, preventing the scanning services from functioning properly and leaving the system unprotected from further intrusion. **Recommendations** For Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints, consider restricting local access to systems to minimize the risk of exploitation until a fix is available. As a temporary workaround, consider disabling the scanning component temporarily until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ServersCheck Monitoring Software versions prior to 14.3.4 **Description** The issue allows local users to cause a denial of service, resulting in menu functionality loss. This is achieved by creating an LNK file that points to a second LNK file associated with a Start menu. The root cause is a Directory Traversal bug via the `id` parameter in the `sensor details.html` file, enabling the creation of empty files in arbitrary directories. **Recommendations** For versions prior to 14.3.4, update to version 14.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sensor details.html` file to minimize the risk of exploitation. Avoid using the `id` parameter in the `sensor details.html` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NoMachine versions prior to 5.3.27 NoMachine versions 6.x prior to 6.3.6 **Description** The issue allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file. This can be executed when the .nxs file and the DLL are in the current working directory. The directory could be on a local filesystem or a network share. **Recommendations** For NoMachine versions prior to 5.3.27, update to version 5.3.27 or later. For NoMachine versions 6.x prior to 6.3.6, update to version 6.3.6 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft SQL Server Management Studio (affected versions not specified) **Description** The issue is related to XML External Entity (XXE) errors, which can allow a remote attacker to disclose protected information using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SQL Server Management Studio (affected versions not specified) **Description** The issue is related to errors in XML link restrictions on external objects (XXE) in Microsoft SQL Server Management Studio. Exploitation of this issue may allow a remote attacker to disclose protected information using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server Management Studio (affected versions not specified) Description: The issue is related to insufficient restriction of XML external entity (XXE) references in Microsoft SQL Server Management Studio. This could allow a remote attacker to disclose protected information by using a specially crafted XML file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Argus Surveillance DVR version 4.0.0.0 **Description** The issue allows unauthenticated directory traversal, resulting in file disclosure. This is achieved by using a ..%2F in the `RESULTPAGE` parameter of the "WEBACCOUNT.CGI" endpoint. **Recommendations** For Argus Surveillance DVR version 4.0.0.0, avoid using the `RESULTPAGE` parameter in the WEBACCOUNT.CGI endpoint until the issue is resolved. Consider restricting access to the WEBACCOUNT.CGI endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link Central WiFiManager CWM-100 version 1.03 r0098 **Description** The issue is related to the FTP service, which allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in a Server-Side Request Forgery (SSRF) attack. This can also lead to network port scanning and potentially enable a man-in-the-middle attack. The vulnerability is associated with incorrect security requirements of the FTP Server component. **Recommendations** For D-Link Central WiFiManager CWM-100 version 1.03 r0098, consider disabling the FTP service until a patch is available to prevent exploitation. Restrict access to port 8000 to minimize the risk of SSRF attacks.