Kacper Szurek

**Name of the Vulnerable Software and Affected Versions** Microweber CMS versions 2.0.1 through 2.0.2 **Description** The issue is related to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. This allows an attacker to inject malicious scripts into the website, potentially affecting user sessions and data. **Recommendations** For Microweber CMS versions 2.0.1 through 2.0.2, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the profile picture file upload functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RealFaviconGenerator Favicon Plugin versions up to 1.2.12 **Description** A problematic vulnerability has been found in the RealFaviconGenerator Favicon Plugin, affecting the `install new favicon` function of the file `admin/class-favicon-by-realfavicongenerator-admin.php`. This leads to cross-site request forgery and can be initiated remotely. **Recommendations** For RealFaviconGenerator Favicon Plugin versions up to 1.2.12, upgrade to version 1.2.13 to address this issue. As a temporary workaround, consider disabling the `install new favicon` function until the patch is applied. Restrict access to the `admin/class-favicon-by-realfavicongenerator-admin.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Viscosity version 1.6.7 **Description** A critical issue affects an unknown part of the component DLL Handler, leading to an untrusted search path. The manipulation can be initiated remotely. The issue has been disclosed publicly. **Recommendations** For Viscosity version 1.6.7, upgrade to version 1.6.8 to address this issue.

**Name of the Vulnerable Software and Affected Versions** IVPN Client version 2.6.6120.33863 **Description** A critical issue has been found in the IVPN Client, affecting an unknown functionality. The manipulation of the argument `--up cmd` leads to improper privilege management. This issue can be exploited locally. **Recommendations** For IVPN Client version 2.6.6120.33863, upgrade to version 2.6.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** ShadeYouVPN.com Client version 2.0.1.11 **Description** A problematic issue was found, leading to improper privilege management. Local access is required to approach this attack. The issue has been disclosed to the public. **Recommendations** For ShadeYouVPN.com Client version 2.0.1.11, upgrade to version 2.0.1.12 to address this issue.

Name of the Vulnerable Software and Affected Versions: ReadyNAS Surveillance versions 1.4.3-15-x86 and earlier ReadyNAS Surveillance versions 1.1.4-5-ARM and earlier Description: The issue affects certain NETGEAR devices, specifically due to a CSRF problem. Recommendations: For ReadyNAS Surveillance versions 1.4.3-15-x86 and earlier, update to a version later than 1.4.3-15-x86 to resolve the issue. For ReadyNAS Surveillance versions 1.1.4-5-ARM and earlier, update to a version later than 1.1.4-5-ARM to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Marketplace plugin version 2.4.0 **Description** The issue allows remote authenticated users to create arbitrary users and gain admin privileges. This is achieved through the `ajaxinit` function in `wpmarketplace/libs/cart.php` by sending a request to "wpmp pp ajax call" with an execution target of `wp insert user`. **Recommendations** For WP Marketplace plugin version 2.4.0, consider disabling the `ajaxinit` function in `wpmarketplace/libs/cart.php` as a temporary workaround until a patch is available. Restrict access to the "wpmp pp ajax call" endpoint to minimize the risk of exploitation. Avoid using the `wp insert user` execution target in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Marketplace plugin versions prior to 2.4.1 **Description** The issue allows remote authenticated users to download arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the `ajaxinit` function, specifically by using a .. (dot dot) in the `file` parameter. **Recommendations** For WP Marketplace plugin versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ajaxinit` function in the cart.php file to minimize the risk of exploitation. Avoid using the `file` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GitList versions <= 0.6 **Description** The issue arises from incorrectly sanitized input being passed to a system function in the `searchTree` function, allowing execution of arbitrary code as the PHP user. This can be exploited by sending a POST request using the search form. **Recommendations** For GitList versions <= 0.6, update to version 0.7 or later to resolve the issue. As a temporary workaround, consider disabling the `searchTree` function until a patch is available. Restrict access to the search form to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GitStack versions prior to 2.3.10 Description: An issue was discovered where user-controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the "rest/user/" endpoint using the `username` and `password` fields. Recommendations: For versions prior to 2.3.10, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "rest/user/" endpoint to minimize the risk of exploitation. Avoid using the `username` and `password` fields in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** QNAP (affected versions not specified) **Description** The issue allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information without requiring any privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wordpress Duplicator plugin versions prior to 0.5.10 **Description** The issue allows remote authenticated users to create and download backup files, potentially leading to unauthorized access to sensitive data. **Recommendations** For versions prior to 0.5.10, update the Duplicator plugin to version 0.5.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Desktop Central versions before 100092 **Description** The issue allows remote attackers to execute arbitrary code. This is achieved through vectors involving the upload of help desk videos. **Recommendations** For versions before 100092, update to build 100092 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.2.19 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `return` parameter in the `manage custom field edit page.php` file. **Recommendations** For MantisBT versions 1.2.19 and earlier, update to a version later than 1.2.19 to resolve the issue. As a temporary workaround, consider restricting access to the `manage custom field edit page.php` file to minimize the risk of exploitation. Avoid using the `return` parameter in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FreiChat version 9.6 **Description** The issue concerns a SQL injection vulnerability in the get messages function. This vulnerability allows remote attackers to execute arbitrary SQL commands via the `time` parameter to the "server/freichat.php" endpoint. **Recommendations** For FreiChat version 9.6, consider restricting access to the `get messages` function in server/plugins/chatroom/chatroom.php until a patch is available. Avoid using the `time` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codoforum version 2.5.1 **Description** The issue concerns the sanitize function, which does not properly filter directory traversal sequences. This allows remote attackers to read arbitrary files by including a .. (dot dot) in the `path` parameter to "index.php". **Recommendations** For Codoforum version 2.5.1, consider restricting access to the sanitize function until a patch is available, or apply any available configuration changes that can mitigate directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderPlugin Audio Player plugin version 2.0 and earlier **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the `item[name]` or `item[customcss]` parameter in a "wonderplugin audio save item" action to "/wp-admin/admin-ajax.php" or the `itemid` parameter in the "wonderplugin audio show item" or "wonderplugin audio edit item" page to "/wp-admin/admin.php". **Recommendations** For WonderPlugin Audio Player plugin version 2.0 and earlier, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp ajax save item` function in wonderpluginaudio.php until a patch is available. Avoid using the `item[name]` and `item[customcss]` parameters in the affected API endpoint and the `itemid` parameter in the vulnerable pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WonderPlugin Audio Player plugin versions prior to 2.1 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands via the `item[id]` parameter in a `wonderplugin audio save item` action to `/wp-admin/admin-ajax.php` or remote administrators to execute arbitrary SQL commands via the `itemid` parameter in the `wonderplugin audio show item`, `wonderplugin audio show items`, or `wonderplugin audio edit item` page to `/wp-admin/admin.php`. **Recommendations** For WonderPlugin Audio Player plugin versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/wp-admin/admin-ajax.php` and `/wp-admin/admin.php` API endpoints until the update is applied. Avoid using the `item[id]` and `itemid` parameters in the affected actions and pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MiniBB versions 3.1 before 20141127 **Description** The issue allows remote attackers to conduct SQL injection attacks. This is due to an incorrect regular expression used in the bb func unsub.php file. The vulnerability can be exploited via the `code` parameter in an unsubscribe action to "index.php". **Recommendations** For MiniBB version 3.1 before 20141127, update to a version released after 20141127 to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint for unsubscribe actions until a patch is available. Avoid using the `code` parameter in the unsubscribe action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cart66 Lite plugin versions prior to 1.5.2 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `id` parameter in a `shortcode products table` action to the "/wp-admin/admin-ajax.php" API endpoint. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `shortcodeProductsTable` function in models/Cart66Ajax.php until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.