Ken

**Name of the Vulnerable Software and Affected Versions** Hyland OnBase versions prior to 18.0.0.33 and versions 19.x through 19.8.9.1000 **Description** An issue exists where directory traversal is possible, allowing writing to files. This is demonstrated through the `FileName` parameter. **Recommendations** For versions prior to 18.0.0.33, update to version 18.0.0.33 or later. For versions 19.x through 19.8.9.1000, update to a version later than 19.8.9.1000. As a temporary workaround, consider restricting access to the `FileName` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hyland OnBase versions prior to 16.0.2.84 Hyland OnBase versions prior to 17.0.2.110 Hyland OnBase versions prior to 18.0.0.38 Hyland OnBase versions prior to 19.8.16.1001 Hyland OnBase versions prior to 20.3.10.1001 **Description** An issue exists in the software, allowing directory traversal for reading files. This is demonstrated by the `FileName` parameter. **Recommendations** For versions prior to 16.0.2.84, update to version 16.0.2.84 or later. For versions prior to 17.0.2.110, update to version 17.0.2.110 or later. For versions prior to 18.0.0.38, update to version 18.0.0.38 or later. For versions prior to 19.8.16.1001, update to version 19.8.16.1001 or later. For versions prior to 20.3.10.1001, update to version 20.3.10.1001 or later.

**Name of the Vulnerable Software and Affected Versions** Hyland OnBase versions 16.0.2.83 and below Hyland OnBase versions 17.0.2.109 and below Hyland OnBase versions 18.0.0.37 and below Hyland OnBase versions 19.8.16.1000 and below Hyland OnBase versions 20.3.10.1000 and below **Description** The issue allows SQL injection, as demonstrated by functions such as `TestConnection LocalOrLinkedServer`, `CreateFilterFriendlyView`, or `AddWorkViewLinkedServer`. This indicates a potential risk where an attacker could inject malicious SQL code to manipulate database queries. **Recommendations** For Hyland OnBase versions 16.0.2.83 and below, consider disabling the `TestConnection LocalOrLinkedServer`, `CreateFilterFriendlyView`, and `AddWorkViewLinkedServer` functions until a patch is available. For Hyland OnBase versions 17.0.2.109 and below, consider disabling the `TestConnection LocalOrLinkedServer`, `CreateFilterFriendlyView`, and `AddWorkViewLinkedServer` functions until a patch is available. For Hyland OnBase versions 18.0.0.37 and below, consider disabling the `TestConnection LocalOrLinkedServer`, `CreateFilterFriendlyView`, and `AddWorkViewLinkedServer` functions until a patch is available. For Hyland OnBase versions 19.8.16.1000 and below, consider disabling the `TestConnection LocalOrLinkedServer`, `CreateFilterFriendlyView`, and `AddWorkViewLinkedServer` functions until a patch is available. For Hyland OnBase versions 20.3.10.1000 and below, consider disabling the `TestConnection LocalOrLinkedServer`, `CreateFilterFriendlyView`, and `AddWorkViewLinkedServer` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 12.0 Firefox ESR versions 10.x before 10.0.5 Thunderbird versions 5.0 through 12.0 Thunderbird ESR versions 10.x before 10.0.5 SeaMonkey versions prior to 2.10 **Description** The issue is related to the glBufferData function in the WebGL implementation, which does not properly mitigate a flaw in an NVIDIA driver. This allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 4.x through 12.0, update to a version after 12.0. For Firefox ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For Thunderbird versions 5.0 through 12.0, update to a version after 12.0. For Thunderbird ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For SeaMonkey versions prior to 2.10, update to version 2.10 or later.

**Name of the Vulnerable Software and Affected Versions** Simple PHP Blog (affected versions not specified) **Description** The issue allows remote attackers to delete arbitrary files via the `comment` parameter in the "comment delete cgi.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.